
Police virus - can only work in DOS

kamann
created (edited)

Hello,

The problem is that this whole window about computer piracy pops up, and the only way to start the system is safe mode with command prompt. I deleted two files: dsgsdgdsgdsgw.pas and dsgsdgdsgdsgw.js. Now the window no longer appears, but the computer still locks up: the windows and icons disappear and only the background remains. I tried to start Kaspersky Rescue Disk, but when choosing between text and graphical mode I get, among other things, "failed to mount block device of live image".

So the question is: how do I sort this out and get rid of this junk without having to format?? :help:

Win XP Pro.

Kookos
comment

You won't get by without a format, but afterwards you can recover the data from the disk with a program

Guest
comment (edited)

[quote name='Kookos' timestamp='1356896844' post='1659545'] You won't get by without a format, but afterwards you can recover the data from the disk with a program [/quote]

You are misleading him. Of course formatting is not necessary. Produce the appropriate logs, mainly OTL, so that someone can help you. Best of all, wait for one of the recommended helpers, since safe mode is not working properly for you either. They will tell you how to make them.

wirusolog
comment

Post the OTL logs: http://www.forumpc.pl/index.php?showtopic=104338

Przemall
comment

wouldn't it be better to use comandfix in safe mode? I had the same thing and it helped

kamann
comment (edited)

As for the logs, it can't be done that way because the system only runs in DOS mode. I'll try to sort it out with that bootable OTL from a CD [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/[/url] but unfortunately not until tomorrow, because right now I have neither a disc nor an open shop.

[quote]wouldn't it be better to use comandfix in safe mode? I had the same thing and it helped[/quote]

How exactly do I do that? I typed it into cmd and it did nothing, and I'm not too strong in these areas.

wirusolog
comment (edited)

[quote]
wouldn't it be better to use comandfix in safe mode? I had the same thing and it helped[/quote]
ComboFix is a program that is used only for [u]certain infections and is dedicated to them[/u]. Using ComboFix without grounds can lead to destabilization of the system and to its failure.
The ISO image can also be written to, e.g., a USB stick, and you can rescue the system from that...

  • Good post 1
Przemall
comment (edited)

[s]commandfix[/s] removed those same two files for me; it was also the police virus. There is some site where it says that it has been popular lately and should be removed with this tool; when I find it I'll give the link.

EDIT: I don't know how I could have made such a mistake! The whole time I meant [b]combofix[/b]

wirusolog
comment

But the infection doesn't consist of just two files...

Przemall
comment

I know it doesn't consist of two files; it removed other files as well. I named those 2 because I happened to notice them; I didn't look through everything. I don't think it was a different virus, since lately the net is full of it; you only have to visit a site and it starts by itself.

kamann
comment

Just my luck: nothing worked from the USB stick, and when I put in the disc I burned today, a BSOD popped up during loading. For now I'll run chkdsk and we'll see what comes out.

[img]http://i49.tinypic.com/149bogi.jpg[/img]

wirusolog
comment

Do you have a Windows disc?
If so, go into the Recovery Console and type these two commands:
[b]FIXMBR
FIXBOOT[/b]
and exit with the [b]EXIT[/b] command

  • Good post 1
kamann
comment (edited)

Logs:

OTL
[log]OTL logfile created on: 2012-12-31 15:28:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 84,36% Memory free
3,85 Gb Paging File | 3,73 Gb Available in Paging File | 96,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 3,02 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 12,64 Gb Free Space | 10,79% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 14,87 Gb Free Space | 11,26% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,72 Gb Free Space | 37,82% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
PRC - [2004-08-04 01:44:24 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\pchealth\helpctr\binaries\msconfig.exe
PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
MOD - [2012-09-23 15:28:00 | 002,376,704 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvapi.dll
MOD - [2012-09-23 15:28:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012-09-23 14:09:17 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvrspl.dll
MOD - [2012-09-23 14:04:12 | 015,512,424 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvcpl.dll
MOD - [2012-06-09 18:20:02 | 000,168,448 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011-05-14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010-11-18 17:08:12 | 000,055,808 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2010-04-16 17:09:02 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wininet.dll
MOD - [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shdocvw.dll
MOD - [2010-04-16 17:09:01 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\urlmon.dll
MOD - [2010-04-16 17:08:59 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browseui.dll
MOD - [2009-12-24 08:04:53 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wintrust.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shlwapi.dll
MOD - [2009-09-11 15:19:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msv1_0.dll
MOD - [2009-09-04 22:05:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msasn1.dll
MOD - [2009-08-13 14:56:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009-07-31 05:35:11 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msxml3.dll
MOD - [2009-07-17 20:04:02 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\atl.dll
MOD - [2009-07-11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009-06-25 09:27:54 | 000,732,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsasrv.dll
MOD - [2009-06-25 09:27:54 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kerberos.dll
MOD - [2009-06-25 09:27:54 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\schannel.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\secur32.dll
MOD - [2009-06-25 09:27:54 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wdigest.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kernel32.dll
MOD - [2009-03-10 21:18:06 | 000,265,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WgaLogon.dll
MOD - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\advapi32.dll
MOD - [2009-02-09 11:53:44 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcss.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdll.dll
MOD - [2009-02-06 19:47:24 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netlogon.dll
MOD - [2008-12-16 13:32:33 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winhttp.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\gdi32.dll
MOD - [2008-10-15 17:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netapi32.dll
MOD - [2008-06-20 18:48:53 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dnsapi.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shell32.dll
MOD - [2008-05-19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msi.dll
MOD - [2006-11-24 10:21:30 | 001,721,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
MOD - [2006-10-26 23:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006-10-26 23:48:40 | 001,555,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
MOD - [2006-10-26 23:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006-10-26 23:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006-10-26 23:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2006-10-26 19:12:30 | 000,061,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
MOD - [2006-10-18 20:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WPDShServiceObj.dll
MOD - [2006-10-18 20:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceApi.dll
MOD - [2006-10-18 20:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceTypes.dll
MOD - [2006-05-13 15:29:00 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc_os.dll
MOD - [2006-05-13 15:26:21 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\umpnpmgr.dll
MOD - [2006-05-13 15:25:54 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ole32.dll
MOD - [2006-05-13 15:25:30 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\clbcatq.dll
MOD - [2006-05-13 15:23:57 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\linkinfo.dll
MOD - [2006-05-13 15:22:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\user32.dll
MOD - [2006-05-13 15:21:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\authz.dll
MOD - [2006-05-13 15:20:25 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\AppPatch\AcGenral.dll
MOD - [2004-08-04 01:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winspool.drv
MOD - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
MOD - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
MOD - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe
MOD - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
MOD - [2004-08-04 01:44:24 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\pchealth\helpctr\binaries\msconfig.exe
MOD - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
MOD - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
MOD - [2004-08-04 01:44:18 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\zipfldr.dll
MOD - [2004-08-04 01:44:16 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winmm.dll
MOD - [2004-08-04 01:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wldap32.dll
MOD - [2004-08-04 01:44:16 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winscard.dll
MOD - [2004-08-04 01:44:16 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wlnotify.dll
MOD - [2004-08-04 01:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2_32.dll
MOD - [2004-08-04 01:44:16 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winsta.dll
MOD - [2004-08-04 01:44:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2004-08-04 01:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2help.dll
MOD - [2004-08-04 01:44:16 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wtsapi32.dll
MOD - [2004-08-04 01:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\userenv.dll
MOD - [2004-08-04 01:44:14 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\themeui.dll
MOD - [2004-08-04 01:44:14 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\webcheck.dll
MOD - [2004-08-04 01:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\uxtheme.dll
MOD - [2004-08-04 01:44:14 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\w32time.dll
MOD - [2004-08-04 01:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\version.dll
MOD - [2004-08-04 01:44:12 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shsvcs.dll
MOD - [2004-08-04 01:44:12 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stobject.dll
MOD - [2004-08-04 01:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\srclient.dll
MOD - [2004-08-04 01:44:12 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimeng.dll
MOD - [2004-08-04 01:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\setupapi.dll
MOD - [2004-08-04 01:44:10 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samsrv.dll
MOD - [2004-08-04 01:44:10 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scesrv.dll
MOD - [2004-08-04 01:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll
MOD - [2004-08-04 01:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samlib.dll
MOD - [2004-08-04 01:44:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regapi.dll
MOD - [2004-08-04 01:44:10 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rtutils.dll
MOD - [2004-08-04 01:44:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\profmap.dll
MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\psapi.dll
MOD - [2004-08-04 01:44:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\powrprof.dll
MOD - [2004-08-04 01:44:10 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc.dll
MOD - [2004-08-04 01:44:08 | 001,714,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netshell.dll
MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleaut32.dll
MOD - [2004-08-04 01:44:08 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbc32.dll
MOD - [2004-08-04 01:44:08 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui1.dll
MOD - [2004-08-04 01:44:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nwprovau.dll
MOD - [2004-08-04 01:44:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntshrui.dll
MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntmarta.dll
MOD - [2004-08-04 01:44:08 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mydocs.dll
MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\olepro32.dll
MOD - [2004-08-04 01:44:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui0.dll
MOD - [2004-08-04 01:44:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdsapi.dll
MOD - [2004-08-04 01:44:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntlanman.dll
MOD - [2004-08-04 01:44:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ncobjapi.dll
MOD - [2004-08-04 01:44:08 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nddeapi.dll
MOD - [2004-08-04 01:44:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2004-08-04 01:44:06 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msgina.dll
MOD - [2004-08-04 01:44:06 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msftedit.dll
MOD - [2004-08-04 01:44:06 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcrt.dll
MOD - [2004-08-04 01:44:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msutb.dll
MOD - [2004-08-04 01:44:06 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msimg32.dll
MOD - [2004-08-04 01:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mlang.dll
MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSCTF.dll
MOD - [2004-08-04 01:44:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msacm32.dll
MOD - [2004-08-04 01:44:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mpr.dll
MOD - [2004-08-04 01:44:02 | 001,024,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mfc42u.dll
MOD - [2004-08-04 01:44:02 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\iphlpapi.dll
MOD - [2004-08-04 01:44:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imagehlp.dll
MOD - [2004-08-04 01:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imm32.dll
MOD - [2004-08-04 01:43:58 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\duser.dll
MOD - [2004-08-04 01:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
MOD - [2004-08-04 01:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comres.dll
MOD - [2004-08-04 01:43:56 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comctl32.dll
MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\crypt32.dll
MOD - [2004-08-04 01:43:56 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptui.dll
MOD - [2004-08-04 01:43:56 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscui.dll
MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comdlg32.dll
MOD - [2004-08-04 01:43:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\credui.dll
MOD - [2004-08-04 01:43:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscdll.dll
MOD - [2004-08-04 01:43:56 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptdll.dll
MOD - [2004-08-04 01:43:56 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\davclnt.dll
MOD - [2004-08-04 01:43:56 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drprov.dll
MOD - [2004-08-04 01:43:54 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\apphelp.dll
MOD - [2004-08-04 01:43:54 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\batmeter.dll
MOD - [2004-08-04 01:43:52 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\actxprxy.dll
MOD - [2004-08-04 01:43:30 | 002,953,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\xpsp2res.dll
MOD - [2004-08-04 01:43:14 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbcint.dll
MOD - [2004-08-04 01:43:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msprivs.dll
MOD - [2004-08-04 01:42:40 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browselc.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2004-08-03 23:44:14 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\usbui.dll
MOD - [2004-08-03 23:31:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rsaenh.dll
MOD - [2001-10-26 20:29:40 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleacc.dll
MOD - [2001-10-26 20:28:30 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mfc42loc.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012-12-30 16:32:02 | 000,203,176 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2012-12-21 12:40:20 | 000,894,920 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)
SRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
SRV - [2012-12-20 16:28:23 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\WINNT\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe -- (syshost32)
SRV - [2012-12-10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-12-04 17:06:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-11-02 20:00:42 | 002,400,800 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe -- (PC Performer Manager)
SRV - [2012-09-23 15:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-30 20:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-06-29 08:31:06 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-05-05 12:21:33 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009-03-31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINNT\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007-12-14 10:46:28 | 000,047,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
DRV - [2012-12-20 14:04:58 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\gdrv.sys -- (gdrv)
DRV - [2011-06-29 08:31:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-06-29 08:31:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009-03-20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009-03-18 16:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-02-14 10:04:06 | 004,676,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008-01-03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-10-11 10:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004-08-04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001-08-18 00:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-18 00:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctljystk.sys -- (ctljystk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD3200AAJS-00B4A0_WD-WMAT1040563005630&ts=1353005329"]http://www.v9.com/?u...0&ts=1353005329[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://websearch.mocaflix.com/"]http://websearch.mocaflix.com/[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://search.v9.com/web/?q={searchTerms}"]http://search.v9.com...q={searchTerms}[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - SOFTWARE\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=12361a60-f924-11e1-9d08-001fd05fed62&q={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0AyBtA0CtCtCyByE0FyDtN0D0Tzu0CtBzyzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1113811662
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={55B7FA17-4C1F-4261-925B-42DAE5002F3E}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114506&tt=4912_4&babsrc=HP_clro&mntrId=80ba74f5000000000000001fd05fed62
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD3200AAJS-00B4A0_WD-WMAT1040563005630&ts=1353005329
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={B5AE5B34-E2FA-4CF1-A336-BE34FC542432}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=pl&ds=xn011&pr=sa&d=2012-12-21 12:40:42&v=13.3.0.17&sap=hp
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb&sysid=1
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - SOFTWARE\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}\InprocServer32 File not found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=crm&q={searchTerms}&locale=&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=3DA1EBE4-62DF-4FDE-8489-44A5FD7ABF91&apn_sauid=3FE73BB0-E0A8-40AF-BCD3-258B15C3DB08
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B5AE5B34-E2FA-4CF1-A336-BE34FC542432}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=pl&ds=xn011&pr=sa&d=2012-12-21 12:40:42&v=13.3.0.17&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0AyBtA0CtCtCyByE0FyDtN0D0Tzu0CtBzyzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=1113811662
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{E85E867A-F76D-4DB2-BE19-B12E445C7D79}: "URL" = https://isearch.avg.com/search?cid={9A8BB263-AF77-4C51-BE34-F9299CC12489}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=en&ds=ft011&pr=sa&d=2012-03-29 21:54:24&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={55B7FA17-4C1F-4261-925B-42DAE5002F3E}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.pl/"
FF - prefs.js..extensions.enabledAddons: gencrawler%40some.com:2.6
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.3.0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={B5AE5B34-E2FA-4CF1-A336-BE34FC542432}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=pl&ds=xn011&pr=sa&d=2012-12-21 12:40:42&v=13.3.0.17&sap=ku&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011-12-08 21:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\13.3.0.17 [2012-12-21 12:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-04 17:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-20 15:30:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Documents and Settings\All Users\Dane aplikacji\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012-12-04 13:00:14 | 000,000,000 | ---D | M]

[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Extensions
[2012-12-09 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions
[2012-11-19 16:00:28 | 000,215,985 | ---- | M] () (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2011-07-18 22:18:28 | 000,002,566 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\askcom.xml
[2012-04-17 23:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\conduit.xml
[2012-10-24 13:41:13 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\Funmoods.xml
[2010-09-02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\iMeshWebSearch.xml
[2012-09-30 18:57:14 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\MyStart Search.xml
[2012-09-07 20:42:10 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\startsear.xml
[2012-09-24 14:32:08 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\sweetim.xml
[2010-03-05 15:53:07 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\web-search.xml
[2012-12-03 14:04:47 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\WebSearch.xml
[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 19:16:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-05-03 14:23:50 | 000,000,000 | ---D | M] (General Crawler) -- C:\DOCUMENTS AND SETTINGS\ALEX\DANE APLIKACJI\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2012-12-21 12:40:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH\FIREFOXEXT\13.3.0.17
[2011-12-08 21:51:51 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012-04-29 11:50:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-07-18 07:47:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINNT\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-12-04 17:06:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-29 11:50:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-25 12:19:26 | 000,081,920 | ---- | M] (COMARCH S.A.) -- C:\Program Files\mozilla firefox\plugins\npNOL3_ns8_mozilla.dll
[2011-10-27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011-11-11 10:43:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-12-21 12:40:47 | 000,003,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-12-04 13:00:06 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-11-11 10:43:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-12-08 21:52:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010-09-02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2011-11-11 10:43:08 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-11 10:43:08 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-11-15 19:48:51 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2011-11-11 10:43:08 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-11 10:43:08 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-03-01 17:54:50 | 000,000,884 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 87.229.126.88 www.google.com
O1 - Hosts: 87.229.126.89 www.bing.com
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Documents and Settings\alex\Dane aplikacji\Media Finder\Extensions\gencrawler_gc.dll ()
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files\FreeSoundRecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\brx - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-30 20:27:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-10-24 12:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 20:35:30 | 000,000,000 | ---D | M] - E:\Automap -- [ NTFS ]
O32 - AutoRun File - [2010-07-03 10:57:00 | 000,000,598 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{046c618c-0bd5-11e2-9d26-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{046c618c-0bd5-11e2-9d26-001fd05fed62}\Shell\AutoRun\command - "" = H:\MicroLauncher.exe
O33 - MountPoints2\{5c4429dc-9d55-11df-9b05-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{5c4429dc-9d55-11df-9b05-001fd05fed62}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL default.htm
O33 - MountPoints2\{e28c190a-4f32-11e0-9984-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{e28c190a-4f32-11e0-9984-001fd05fed62}\Shell\AutoRun\command - "" = O:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)

MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WudfSvc"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WPFFontCache_v0400"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "Wmi"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "WMDM PMSP Service"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "winmgmt"
MsConfig - Services: "WebClient"
MsConfig - Services: "W32Time"
MsConfig - Services: "vToolbarUpdater13.3.2"
MsConfig - Services: "VSS"
MsConfig - Services: "UPS"
MsConfig - Services: "upnphost"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TlntSvr"
MsConfig - Services: "Themes"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "SysmonLog"
MsConfig - Services: "syshost32"
MsConfig - Services: "SwPrv"
MsConfig - Services: "stisvc"
MsConfig - Services: "Steam Client Service"
MsConfig - Services: "SSDPSRV"
MsConfig - Services: "srservice"
MsConfig - Services: "Spooler"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "SENS"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "PolicyAgent"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "PlugPlay"
MsConfig - Services: "PC Performer Manager"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NwSapAgent"
MsConfig - Services: "NWCWorkstation"
MsConfig - Services: "nvUpdatusService"
MsConfig - Services: "NVSvc"
MsConfig - Services: "NtmsSvc"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "NMSAccess"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MSIServer"
MsConfig - Services: "MSDTC"
MsConfig - Services: "MozillaMaintenance"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "LmHosts"
MsConfig - Services: "LexBceS"
MsConfig - Services: "lanmanworkstation"
MsConfig - Services: "lanmanserver"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HTTPFilter"
MsConfig - Services: "HidServ"
MsConfig - Services: "helpsvc"
MsConfig - Services: "Hamachi2Svc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "GEST Service"
MsConfig - Services: "FsUsbExService"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "Eventlog"
MsConfig - Services: "ERSvc"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "Dhcp"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v4.0.30319_32"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "AudioSrv"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - Services: "ALG"
MsConfig - Services: "Alerter"
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ALLUpdate - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Eduvdaanog - hkey= - key= - C:\Documents and Settings\alex\Dane aplikacji\Ikach\awte.exe ()
MsConfig - StartUpReg: Efruqynya - hkey= - key= - C:\Documents and Settings\alex\Dane aplikacji\Lepayg\izasz.exe (Корпорация Майкрософт)
MsConfig - StartUpReg: Gadu-Gadu 10 - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: GEST - hkey= - key= - C:\Program Files\GIGABYTE\GEST\run.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HF_G_Jul - hkey= - key= - File not found
MsConfig - StartUpReg: IPLA! - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: IVONA ControlCenter - hkey= - key= - C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: Media Finder - hkey= - key= - File not found
MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
MsConfig - StartUpReg: PCSpeedUp - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Realtime Audio Engine - hkey= - key= - File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig - StartUpReg: ROC_ROC_JULY_P1 - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Tutorials - hkey= - key= - File not found
MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe ()
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: fsproflt - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: fsproflt - Reg Error: Value error.
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 60 Days ==========

[2012-12-31 15:20:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-30 16:32:02 | 000,203,176 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe
[2012-12-27 21:30:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\alex\Recent
[2012-12-27 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-24 13:43:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012-12-24 13:43:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012-12-24 13:43:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012-12-24 13:43:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012-12-24 13:43:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-12-24 13:39:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-24 13:39:02 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012-12-24 13:35:45 | 005,012,686 | R--- | C] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-24 13:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\HiJackThis
[2012-12-24 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-12-24 11:08:19 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-22 16:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\AVG Secure Search
[2012-12-21 12:50:12 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-21 12:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\AVG Secure Search
[2012-12-21 12:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search
[2012-12-21 12:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\AVG Secure Search
[2012-12-21 12:40:39 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-21 12:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012-12-21 12:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012-12-21 12:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012-12-20 16:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-12-20 16:28:18 | 000,412,088 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Tahomu
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Ikach
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Akuh
[2012-12-16 12:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SimilarSites
[2012-12-16 12:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\backburner
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Lepayg
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Amlie
[2012-12-11 15:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-12-07 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft
[2012-12-07 21:37:34 | 000,000,000 | ---D | C] -- C:\Users
[2012-12-07 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-12-07 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2012-12-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2012-12-04 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-12-04 21:06:50 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 13:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
[2012-12-04 13:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\PerformerSoft
[2012-12-04 13:00:09 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINNT\System32\roboot.exe
[2012-12-04 12:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService
[2012-12-04 12:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Performer Manager
[2012-12-04 12:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-12-03 14:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SaveAs
[2012-12-03 14:04:15 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012-12-03 14:03:16 | 000,000,000 | ---D | C] -- C:\Windows
[2012-12-03 14:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bcool
[2012-12-03 14:01:42 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-30 11:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Funmoods
[2012-11-28 17:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\The KMPlayer
[2012-11-28 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2012-11-28 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-11-23 15:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\uTorrentControl2
[2012-11-23 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design
[2012-11-23 15:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\FreeSoundRecorder
[2012-11-23 15:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\MyAshampoo
[2012-11-23 15:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2012-11-18 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012-11-08 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\Fraps
[2012-11-08 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2012-11-08 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011-07-18 21:54:32 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011-07-18 21:54:32 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-31 14:09:18 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012-12-31 14:07:48 | 018,612,224 | -H-- | M] () -- C:\Documents and Settings\alex\NTUSER.DAT
[2012-12-31 14:07:48 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\alex\ntuser.ini
[2012-12-31 14:07:45 | 000,001,058 | ---- | M] () -- C:\WINNT\win.ini
[2012-12-31 14:07:45 | 000,000,356 | ---- | M] () -- C:\WINNT\system.ini
[2012-12-31 13:58:06 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-12-31 13:45:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2012-12-31 13:44:02 | 000,002,885 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
[2012-12-31 13:43:20 | 000,001,028 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-31 13:43:20 | 000,000,548 | -H-- | M] () -- C:\WINNT\tasks\OptimizerProUpdaterTask{DB53F509-889B-4D09-8CC4-AD4D7A216639}.job
[2012-12-30 16:38:31 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012-12-30 16:35:29 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012-12-30 16:32:02 | 000,203,176 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe
[2012-12-30 16:08:01 | 000,001,032 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-30 15:00:47 | 000,000,269 | ---- | M] () -- C:\WINNT\LEXSTAT.INI
[2012-12-30 14:48:58 | 000,437,660 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-29 12:03:16 | 001,262,840 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2012-12-29 12:03:16 | 000,558,466 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2012-12-29 12:03:16 | 000,495,958 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012-12-29 12:03:16 | 000,105,530 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2012-12-29 12:03:16 | 000,084,442 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012-12-28 15:46:05 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2012-12-28 12:32:33 | 000,000,900 | ---- | M] () -- C:\WINNT\System32\KGyGaAvL.sys
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2012-12-27 21:31:08 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) -- C:\WINNT\System32\drivers\sptd.sys
[2012-12-25 19:37:42 | 004,389,435 | ---- | M] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:35:53 | 005,012,686 | R--- | M] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-24 13:27:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-24 11:08:24 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-22 21:16:09 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-22 21:15:32 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-21 12:40:20 | 001,587,696 | ---- | M] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-21 12:38:52 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-12-20 22:51:53 | 001,700,756 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:49 | 000,062,208 | ---- | M] () -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys
[2012-12-20 16:28:19 | 000,412,088 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-20 14:07:39 | 000,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2012-12-20 14:04:58 | 000,016,608 | ---- | M] () -- C:\WINNT\gdrv.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | M] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:51 | 000,107,011 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:31 | 000,038,007 | ---- | M] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-11 23:37:13 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | M] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:53 | 000,003,084 | ---- | M] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:33 | 000,028,958 | ---- | M] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-06 13:57:26 | 000,129,056 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2012-12-06 13:54:44 | 000,427,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012-12-05 23:05:38 | 000,781,782 | ---- | M] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 21:06:50 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 12:53:17 | 000,634,272 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:35:16 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2012-12-03 14:35:00 | 000,682,280 | ---- | M] () -- C:\WINNT\System32\pbsvc.exe
[2012-12-03 14:06:36 | 000,000,377 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-12-03 14:04:16 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:01:42 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:09 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:49 | 000,026,725 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-11-22 16:59:17 | 000,995,059 | ---- | M] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-15 16:32:28 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-31 13:44:02 | 000,002,885 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
[2012-12-30 17:48:00 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-12-30 14:48:03 | 000,437,660 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-27 21:56:06 | 000,002,176 | ---- | C] () -- C:\kopia rejj.reg
[2012-12-25 19:37:31 | 004,389,435 | ---- | C] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:43:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012-12-24 13:43:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012-12-24 13:43:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012-12-24 13:43:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012-12-24 13:43:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012-12-24 13:27:04 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-21 12:49:39 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-20 22:51:51 | 001,700,756 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:49 | 000,062,208 | ---- | C] () -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:01:30 | 000,051,254 | ---- | C] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | C] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:50 | 000,107,011 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
[2012-12-15 19:51:01 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:30 | 000,038,007 | ---- | C] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-09 19:11:20 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | C] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:52 | 000,003,084 | ---- | C] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:32 | 000,028,958 | ---- | C] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-05 23:04:27 | 000,781,782 | ---- | C] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 12:53:15 | 000,634,272 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:06:35 | 000,000,377 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-12-03 14:03:21 | 000,000,548 | -H-- | C] () -- C:\WINNT\tasks\OptimizerProUpdaterTask{DB53F509-889B-4D09-8CC4-AD4D7A216639}.job
[2012-11-28 17:04:09 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:48 | 000,026,725 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-28 01:29:08 | 000,465,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-11-22 16:59:16 | 000,995,059 | ---- | C] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-18 15:31:32 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2012-11-10 12:15:37 | 001,587,696 | ---- | C] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-11-10 12:15:10 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-11-08 15:27:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Audacity.lnk
[2012-10-24 13:38:27 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
[2012-10-24 13:38:26 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb1.bin
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb0.bin
[2012-10-20 13:47:56 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\nvdrssel.bin
[2012-10-20 13:47:28 | 002,811,988 | ---- | C] () -- C:\WINNT\System32\nvdata.data
[2012-10-20 13:47:26 | 004,494,208 | ---- | C] () -- C:\WINNT\System32\nv4_disp.dll
[2012-09-22 09:49:25 | 000,682,280 | ---- | C] () -- C:\WINNT\System32\pbsvc.exe
[2012-07-04 08:52:17 | 000,558,133 | ---- | C] () -- C:\WINNT\System32\sqlite3.dll
[2012-03-15 18:09:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\troll.jpg
[2011-12-11 21:32:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\1.bmp
[2011-12-09 01:35:14 | 000,338,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-413027322-839522115-1003-0.dat
[2011-10-07 23:59:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CoD2MP_s.exe
[2011-10-07 23:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Call_of_Duty_2_1.3_MP_Server_fix.3512889.TPB.torrent
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2011-07-28 22:18:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG4464.JPG
[2011-07-28 13:03:15 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\FsUsbExDevice.Dll
[2011-07-28 13:03:15 | 000,036,608 | ---- | C] () -- C:\WINNT\System32\FsUsbExDisk.Sys
[2011-07-28 13:03:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\$_hpcst$.hpc
[2011-07-01 01:20:32 | 000,391,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-05-29 17:54:23 | 000,088,352 | ---- | C] () -- C:\WINNT\System32\mlfcache.dat
[2011-05-12 21:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Nowy dokument sformatowany.rtf
[2011-03-31 23:06:05 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011-03-31 23:05:59 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011-03-31 23:05:58 | 000,000,590 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2011-03-31 23:05:57 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011-03-24 23:38:04 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\alex\.recently-used.xbel
[2011-01-31 13:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Zdjęcie0069.jpg
[2011-01-31 13:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Obraz 045.jpg
[2011-01-15 17:20:14 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\drivers\VClone.sys
[2010-12-04 17:27:17 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2010-11-30 22:48:59 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2010-11-30 22:48:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\31F65979B0.sys
[2010-10-26 20:37:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1800.JPG
[2010-10-26 20:37:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1792.JPG
[2010-10-26 20:37:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1791.JPG
[2010-10-26 20:37:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1785.JPG
[2010-08-18 22:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\popov- in da man of my city.mp3
[2010-07-11 19:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\DSC00371.JPG
[2010-05-22 20:07:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;49;12.JPG
[2010-05-22 20:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;48;02.JPG
[2010-05-22 20:05:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;47;26.JPG
[2010-02-14 09:56:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\lesiu.jpg
[2009-12-01 19:54:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2009-11-26 13:42:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\bez tytułu.bmp
[2009-11-07 18:45:36 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-24 20:22:33 | 000,129,056 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-24 12:46:01 | 002,656,656 | -H-- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-24 12:41:06 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\alex\ntuser.ini
[2009-10-24 12:41:04 | 018,612,224 | -H-- | C] () -- C:\Documents and Settings\alex\NTUSER.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010-04-08 17:24:32 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
[2012-12-24 10:38:04 | 000,005,120 | -HS- | M] () -- C:\WINNT\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-04 01:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011-12-25 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.atanks
[2012-12-07 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.minecraft
[2012-12-31 12:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Akuh
[2009-11-21 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\AlcaTech
[2012-12-29 12:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Amlie
[2011-01-29 12:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ashampoo
[2010-09-28 19:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Astroburn Lite
[2012-11-09 20:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2011-06-30 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Autodesk
[2012-12-21 12:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\AVG Secure Search
[2012-12-04 13:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Babylon
[2012-05-03 17:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\BabylonToolbar
[2010-01-21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011-12-28 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Blender Foundation
[2010-07-23 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Bricsys
[2010-12-28 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Canneverbe Limited
[2010-08-05 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Chinaweal Longteng
[2012-01-24 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Cool Record Edit Pro
[2009-10-24 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools
[2012-12-27 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Lite
[2011-05-06 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Pro
[2010-05-12 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Expressivo
[2012-12-26 12:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\foobar2000
[2011-05-02 22:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Free Sound Recorder
[2010-04-09 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FreeAudioPack
[2012-11-30 11:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Funmoods
[2012-06-24 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FunnyGames
[2012-09-21 07:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gadu-Gadu 10
[2011-10-07 17:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GameRanger
[2012-03-07 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GetRightToGo
[2009-11-23 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GHISLER
[2011-03-24 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\gtk-2.0
[2012-12-14 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2012-12-19 18:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ikach
[2011-06-06 16:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\imeshbandmltbpi
[2009-11-21 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\InterTrust
[2009-10-24 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\invibes
[2012-11-03 22:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\ipla
[2011-03-01 17:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\IVONA ControlCenter
[2012-12-14 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Lepayg
[2012-05-03 14:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Media Finder
[2009-10-24 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Nowe Gadu-Gadu
[2012-12-27 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenCandy
[2010-02-23 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenFM
[2012-12-05 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2011-03-16 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Opera
[2011-07-28 13:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PC Suite
[2012-12-04 17:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PerformerSoft
[2010-07-19 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PhotoFiltre
[2012-12-30 17:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PriceGong
[2010-12-07 18:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\RDRM
[2011-07-28 13:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Samsung
[2012-11-28 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-12-19 18:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Tahomu
[2012-05-04 12:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TeamViewer
[2012-12-16 12:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Toolbar4
[2012-12-27 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2010-05-11 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ulead Systems
[2012-12-27 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\uTorrent
[2011-02-07 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\VDownloader
[2011-05-29 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2737A
[2009-11-21 23:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlcaTech
[2011-01-29 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-09-28 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite
[2012-07-08 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2012-12-30 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search
[2011-09-13 19:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-12-09 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bcool
[2011-07-01 10:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
[2010-12-28 21:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2012-03-29 20:53:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-12-27 21:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-12-08 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Freemake
[2010-12-07 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-12-04 12:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService
[2012-12-16 12:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2010-12-07 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-08 15:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2011-08-10 15:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2012-12-05 11:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Performer Manager
[2011-07-28 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2012-12-16 12:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2012-03-29 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate
[2010-12-19 12:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate Collection
[2012-12-03 14:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2012-12-09 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SaveAs
[2012-12-16 12:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SimilarSites
[2010-05-11 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
[2012-12-16 12:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2012-10-02 17:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
[2012-09-30 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-12-27 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-09 10:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-08-25 21:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-12-27 21:10:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011-11-25 09:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\antex\Dane aplikacji\mediabarim
[2012-12-27 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Dane aplikacji\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-05-03 14:23:53 | 000,001,204 | ---- | M] () -- C:\1.txt
[2012-10-20 10:50:30 | 155,576,680 | ---- | M] (NVIDIA Corporation) -- C:\306.81-desktop-winxp-32bit-international-whql.exe
[2012-09-21 07:17:12 | 000,702,281 | ---- | M] () -- C:\a1_geog.pdf
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-10-24 12:33:11 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-11 14:49:35 | 000,475,490 | ---- | M] () -- C:\cc_20101111_144910.reg
[2010-11-11 14:49:52 | 000,003,986 | ---- | M] () -- C:\cc_20101111_144946.reg
[2012-10-20 20:27:04 | 000,002,233 | ---- | M] () -- C:\CIAGI.PAS
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-24 12:49:42 | 000,000,143 | ---- | M] () -- C:\csb.log
[2012-10-20 12:33:05 | 006,081,842 | ---- | M] (Treexy ) -- C:\driver_fusion_1.2.0.exe
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-09-20 19:19:16 | 000,003,868 | ---- | M] () -- C:\KALKU.BAK
[2012-09-26 18:23:19 | 000,011,888 | ---- | M] () -- C:\KALKU.EXE
[2012-09-20 19:27:08 | 000,004,194 | ---- | M] () -- C:\KALKU.PAS
[2012-09-20 18:53:55 | 000,007,645 | ---- | M] () -- C:\KALKU.rar
[2010-07-15 18:12:56 | 000,000,000 | RHS- | M] () -- C:\khx
[2010-08-10 23:16:11 | 000,000,000 | RHS- | M] () -- C:\khy
[2012-04-22 10:28:50 | 003,523,817 | ---- | M] () -- C:\Kombii - Pokolenie pobrano z ulub_pl.mp3
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2010-04-19 13:54:40 | 076,119,274 | ---- | M] () -- C:\kopiazapasowa.reg
[2012-10-09 21:31:31 | 000,909,662 | ---- | M] () -- C:\Kopia_zapasowa_wiz.cdr
[2012-10-02 00:03:00 | 001,314,648 | ---- | M] () -- C:\Kopia_zapasowa_yuytu.cdr
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 23:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2012-12-31 14:09:15 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012-10-20 17:17:52 | 000,057,344 | ---- | M] () -- C:\pascal.ppt
[2012-12-06 00:17:40 | 000,791,552 | ---- | M] () -- C:\Pascal2.ppt
[2012-02-13 21:20:12 | 150,938,644 | ---- | M] () -- C:\Pawel Presents Trance Music vol.1.mp3
[2012-06-09 09:19:34 | 004,124,453 | ---- | M] () -- C:\presents 1.mp3
[2012-01-18 20:19:29 | 000,004,976 | ---- | M] () -- C:\PROGRAMM.EXE
[2012-01-18 20:12:20 | 000,000,386 | ---- | M] () -- C:\PROGRAMM.PAS
[2009-10-24 12:48:01 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2011-07-15 10:34:26 | 252,483,264 | ---- | M] () -- C:\S7302579.AVI
[2011-07-16 20:42:20 | 000,082,433 | ---- | M] () -- C:\saac1.2.zip
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-30 16:38:03 | 000,000,122 | ---- | M] () -- C:\service.log
[2012-07-03 10:45:56 | 001,587,696 | ---- | M] () -- C:\SetupVirtualCloneDrive5450.exe
[2011-09-14 21:00:06 | 115,729,182 | ---- | M] () -- C:\sysisie.rar
[2011-08-24 15:22:24 | 000,096,167 | ---- | M] () -- C:\Tabela 355 z dnia 27.07.11-zamkn. 1-31.08.11.xls.pdf
[2012-10-10 20:05:18 | 000,001,358 | ---- | M] () -- C:\TABELICE.BAK
[2012-10-10 20:20:15 | 000,005,328 | ---- | M] () -- C:\TABELICE.EXE
[2012-10-10 20:20:12 | 000,001,479 | ---- | M] () -- C:\TABELICE.PAS
[2012-05-04 12:18:34 | 004,586,328 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup.exe
[2012-01-02 22:34:36 | 000,421,020 | ---- | M] () -- C:\untitled.blend
[2012-01-02 16:23:23 | 000,413,592 | ---- | M] () -- C:\untitled.blend1
[2012-01-02 16:15:53 | 000,413,592 | ---- | M] () -- C:\untitled.blend2
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-10-02 17:06:19 | 000,000,794 | ---- | M] () -- C:\user.js
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-10-27 13:04:22 | 000,029,962 | ---- | M] () -- C:\Wheels0079_thumbhuge.jpg
[2011-10-09 21:46:11 | 082,870,453 | ---- | M] () -- C:\Wideo030.mp4
[2011-10-09 21:49:02 | 031,052,725 | ---- | M] () -- C:\Wideo031.mp4
[2011-12-24 12:55:18 | 363,715,223 | ---- | M] () -- C:\Wigilia Klasowa 2011.rar
[2012-10-10 20:31:16 | 000,076,434 | ---- | M] () -- C:\wiz.cdr
[2012-10-12 06:36:33 | 000,181,626 | ---- | M] () -- C:\wiz12.cdr
[2012-10-02 21:09:41 | 001,314,970 | ---- | M] () -- C:\yuytu.cdr
[2012-10-09 21:39:08 | 000,013,814 | ---- | M] () -- C:\zapro.cdr
[2012-04-20 14:17:50 | 003,394,278 | ---- | M] () -- C:\[www.dloader.pl]bashunter_-_now_you_re_gone.mp3
[2012-04-20 13:51:50 | 001,599,143 | ---- | M] () -- C:\[www.dloader.pl]basshunter_-_all_i_ever_wanted.mp3

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 00:47:36 | 000,004,224 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINNT\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-04 00:14:30 | 000,182,912 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINNT\system32\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

< End of report >[/log]

EXT
[log]OTL Extras logfile created on: 2012-12-31 15:28:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 84,36% Memory free
3,85 Gb Paging File | 3,73 Gb Available in Paging File | 96,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 3,02 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 12,64 Gb Free Space | 10,79% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 14,87 Gb Free Space | 11,26% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,72 Gb Free Space | 37,82% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\KONAMI\Pro Evolution Soccer 2012\pes2012.exe" = E:\Program Files\KONAMI\Pro Evolution Soccer 2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012 -- (Konami Digital Entertainment Co., Ltd.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel® Integrated Performance Primitives RTI 4.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1326
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.126
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Obsługa programów Apple
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = OnlineHDTV
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALLPlayer_is1" = ALLPlayer V4.X
"AP Suggestor" = AP Suggestor
"Audacity_is1" = Audacity 2.0.2
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Elasto Mania" = Elasto Mania
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Expressivo" = Expressivo
"FL Studio 9" = FL Studio 9
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter wersja 3.0.0
"FreeSoundRecorder Toolbar" = FreeSoundRecorder Toolbar
"Gadu-Gadu 10" = Gadu-Gadu 10
"Hardcore" = Hardcore
"Historyczna mapa polskiej sieci kolejowej_is1" = Rail Map 2.2
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"ImageHelper 1.01" = ImageHelper 1.01
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"ipla" = ipla 2.2.1
"IrfanView" = IrfanView (remove only)
"IVONA ControlCenter" = IVONA ControlCenter
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Lexmark 640 Series" = Lexmark 640 Series
"LiveVDO plugin" = LiveVDO plugin 1.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0
"Łatka polonizacyjna GTA IV: The Lost and Damned v1.1 oraz GTA IV: The Ballad of Gay Tony v1.0" = Łatka polonizacyjna GTA IV: The Lost and Damned v1.1 oraz GTA IV: The Ballad of Gay Tony v1.0
"Mafia 2_is1" = Mafia 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixed In Key" = Mixed In Key 2.5
"MixVibesProducerDemo.exe" = MixVibes PRODUCER DEMO uninstall
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notowania OnLine 3.0 DM BZWBK S.A._is1" = Notowania OnLine 3.0 DM BZWBK S.A.
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"OptimizerPro" = OptimizerPro
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"Runway Designer" = Runway Designer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"TrainzObjectz_is1" = TrainzObjectz 6.0 Build 544
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-29 11:58:36 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:47 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 06:58:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-30 09:54:33 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 5.0.1.329, moduł powodujący
błąd acrord32.exe, wersja 5.0.1.329, adres błędu 0x0014f885.

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 11:38:02 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-31 07:32:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

[ System Events ]
Error - 2012-12-31 08:41:26 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 08:43:40 | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2012-12-31 08:43:40 | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2012-12-31 08:43:40 | Computer Name = ALEX | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2012-12-31 08:43:40 | Computer Name = ALEX | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2012-12-31 08:44:51 | Computer Name = ALEX | Source = DCOM | ID = 10010
Description = Serwer {F25AF245-4A81-40DC-92F9-E9021F207706} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2012-12-31 08:49:53 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 08:59:06 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 09:04:02 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 09:07:47 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >[/log]

wirusolog
comment (edited)

[b]1.[/b] Run OTL and paste the following into the [b]Własne opcje skanowania / skrypt[/b] (custom scan options / script) section:

[quote]:OTL
O32 - AutoRun File - [2010-07-03 10:57:00 | 000,000,598 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
O18 - Protocol\Handler\brx - No CLSID value found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.micr...78f/wvc1dmo.cab"]http://download.micr...78f/wvc1dmo.cab[/url] (Reg Error: Key error.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O3 - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
SRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
SRV - [2012-12-20 16:28:23 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\WINNT\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe -- (syshost32)
SRV - [2012-12-30 16:32:02 | 000,203,176 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe -- (winmgmt)
[2012-12-31 13:58:06 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-12-31 13:44:02 | 000,002,885 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
NetSvcs: winmgmt - C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe (Корпорация Майкрософт)
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk - - File not found

:Files
C:\WINNT\tasks\*.job
netsh firewall reset /C
netsh winsock reset /C
C:\WINNT\assembly\Desktop.ini
C:\WINNT\assembly\GAC\Desktop.ini

:Commands
[emptytemp][/quote]
Click [b]Wykonaj skrypt[/b] (run the script). The system will be restarted.

[b]2.[/b] Uninstall: [b]SweetPacks Toolbar for Internet Explorer / MyAshampoo Toolbar / FreeSoundRecorder Toolbar / AVG Security Toolbar / StartSearchToolBar[/b]

[b]3.[/b] Run [url="http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner"][color=#1072E0][b]AdwCleaner[/b][/color][/url] and use [b]Delete[/b]. A log of the removal will be created on drive C.

[b]4.[/b] Post the log from [url="http://thisisudax.org/downloads/JRT.exe"][b][color=blue][u]Junkware Removal Tool[/u][/color][/b][/url] (it may be detected as a threat - ignore that).

[b]5.[/b] Make a new OTL log using the [b]Skanuj[/b] (scan) option. Attach the report from the OTL removal + the cleaning report from AdwCleaner + the JRT report and a new set of OTL logs.

  • Good post: 1
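The service and driver entries picked out in the fix script above share a few visible traits: no company name, a binary inside a user profile, a hex-only file name, an unknown start type. The following is an added example, not part of the post and not part of OTL. It parses `SRV`/`DRV` lines in the format shown in this thread and tags them by those traits. The tag names, the heuristics and the fifth sample line are assumptions made for illustration.

```python
import re
from ntpath import basename, splitext

# Lines 1-4 are copied from the fix script in the post above.
# Line 5 is a constructed benign entry, added only for contrast.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
SRV - [2012-12-20 16:28:23 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\WINNT\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe -- (syshost32)
SRV - [2012-12-30 16:32:02 | 000,203,176 | ---- | M] (Корпорация Майкрософт) [Disabled | Stopped] -- C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2010-06-17 14:27:22 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
"""

# KIND - [date | size | attrs | M] (company) [start | state] -- path -- (name)
# or, when the registered file is gone:
# KIND - File not found [type | start | state] -- path -- (name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)


def parse_line(line):
    """Return a dict for one SRV/DRV line, or None if the line is something else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["meta"] is None  # the "File not found" form
    entry["company"] = (entry["company"] or "").strip()
    return entry


def reasons_for(entry):
    """Heuristic tags (assumptions for this example); an empty list means nothing stood out."""
    if entry["missing"]:
        # Registration left behind by removed software: cleanup, not a detection.
        return ["orphan"]
    reasons = []
    path = entry["path"].lower()
    stem = splitext(basename(path))[0]
    if not entry["company"]:
        reasons.append("no-company")        # no version-info vendor string
    elif not entry["company"].isascii():
        reasons.append("non-ascii-vendor")  # a hint only; worth a second look
    if "\\documents and settings\\" in path or "\\users\\" in path:
        reasons.append("user-profile")      # service binary inside a user profile
    if re.fullmatch(r"[0-9a-f]{12,}", stem):
        reasons.append("hex-name")          # file name is a long hex string
    if "unknown" in entry["state"].lower():
        reasons.append("unknown-start")     # start type could not be read
    return reasons


def triage(text):
    """Return [(service_name, [tags])] for every parsed entry with at least one tag."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

A tag is a reason to look at an entry, not a verdict. Whether a flagged entry is removed remains a decision for whoever reads the full log.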
kamann
comment (edited)

OTL
[log]OTL logfile created on: 2012-12-31 16:46:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,33% Memory free
3,85 Gb Paging File | 3,70 Gb Available in Paging File | 96,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,93 Gb Free Space | 34,66% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,55 Gb Free Space | 12,42% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,71 Gb Free Space | 37,75% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
PRC - [2004-08-04 01:44:24 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\pchealth\helpctr\binaries\msconfig.exe
PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004-08-04 01:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ctfmon.exe
PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
MOD - [2012-06-09 18:20:02 | 000,168,448 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011-05-14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010-11-18 17:08:12 | 000,055,808 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2010-06-17 14:27:22 | 000,086,376 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\shlext.dll
MOD - [2010-04-16 17:09:02 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wininet.dll
MOD - [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shdocvw.dll
MOD - [2010-04-16 17:09:01 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\urlmon.dll
MOD - [2010-04-16 17:08:59 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browseui.dll
MOD - [2010-03-18 12:16:28 | 006,730,056 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v4.0.30319\clr.dll
MOD - [2010-03-18 12:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcr100_clr0400.dll
MOD - [2010-03-18 12:16:28 | 000,413,008 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2009-12-24 08:04:53 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wintrust.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shlwapi.dll
MOD - [2009-11-07 00:07:04 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mscoree.dll
MOD - [2009-11-07 00:06:46 | 001,130,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dfshim.dll
MOD - [2009-09-11 15:19:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msv1_0.dll
MOD - [2009-09-04 22:05:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msasn1.dll
MOD - [2009-08-13 14:56:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009-07-31 05:35:11 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msxml3.dll
MOD - [2009-07-17 20:04:02 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\atl.dll
MOD - [2009-07-12 00:02:02 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
MOD - [2009-07-12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009-07-12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2009-07-11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009-06-25 09:27:54 | 000,732,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsasrv.dll
MOD - [2009-06-25 09:27:54 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kerberos.dll
MOD - [2009-06-25 09:27:54 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\schannel.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\secur32.dll
MOD - [2009-06-25 09:27:54 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wdigest.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kernel32.dll
MOD - [2009-03-10 21:18:06 | 000,265,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WgaLogon.dll
MOD - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\advapi32.dll
MOD - [2009-02-09 11:53:44 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcss.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdll.dll
MOD - [2009-02-06 19:47:24 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netlogon.dll
MOD - [2008-12-16 13:32:33 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winhttp.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\gdi32.dll
MOD - [2008-10-15 17:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netapi32.dll
MOD - [2008-07-25 10:17:02 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Culture.dll
MOD - [2008-07-25 10:17:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
MOD - [2008-06-24 17:46:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mscms.dll
MOD - [2008-06-20 18:48:53 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dnsapi.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shell32.dll
MOD - [2008-05-19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msi.dll
MOD - [2008-05-09 11:56:45 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\jscript.dll
MOD - [2006-11-24 10:21:30 | 001,721,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
MOD - [2006-10-26 23:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006-10-26 23:48:40 | 001,555,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
MOD - [2006-10-26 23:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006-10-26 23:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006-10-26 23:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2006-10-26 19:12:30 | 000,061,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
MOD - [2006-10-18 20:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WPDShServiceObj.dll
MOD - [2006-10-18 20:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceApi.dll
MOD - [2006-10-18 20:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceTypes.dll
MOD - [2006-05-13 15:29:00 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc_os.dll
MOD - [2006-05-13 15:26:21 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\umpnpmgr.dll
MOD - [2006-05-13 15:25:54 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ole32.dll
MOD - [2006-05-13 15:25:30 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\clbcatq.dll
MOD - [2006-05-13 15:25:06 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\icm32.dll
MOD - [2006-05-13 15:23:57 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\linkinfo.dll
MOD - [2006-05-13 15:22:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\user32.dll
MOD - [2006-05-13 15:21:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\authz.dll
MOD - [2006-05-13 15:20:25 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\AppPatch\AcGenral.dll
MOD - [2004-08-04 01:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winspool.drv
MOD - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
MOD - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
MOD - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe
MOD - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
MOD - [2004-08-04 01:44:24 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\pchealth\helpctr\binaries\msconfig.exe
MOD - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
MOD - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
MOD - [2004-08-04 01:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ctfmon.exe
MOD - [2004-08-04 01:44:16 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winmm.dll
MOD - [2004-08-04 01:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wldap32.dll
MOD - [2004-08-04 01:44:16 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winscard.dll
MOD - [2004-08-04 01:44:16 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wlnotify.dll
MOD - [2004-08-04 01:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2_32.dll
MOD - [2004-08-04 01:44:16 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winsta.dll
MOD - [2004-08-04 01:44:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2004-08-04 01:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2help.dll
MOD - [2004-08-04 01:44:16 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wtsapi32.dll
MOD - [2004-08-04 01:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\userenv.dll
MOD - [2004-08-04 01:44:14 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sxs.dll
MOD - [2004-08-04 01:44:14 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\themeui.dll
MOD - [2004-08-04 01:44:14 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\webcheck.dll
MOD - [2004-08-04 01:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\uxtheme.dll
MOD - [2004-08-04 01:44:14 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\w32time.dll
MOD - [2004-08-04 01:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\version.dll
MOD - [2004-08-04 01:44:12 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimgvw.dll
MOD - [2004-08-04 01:44:12 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shsvcs.dll
MOD - [2004-08-04 01:44:12 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stobject.dll
MOD - [2004-08-04 01:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\srclient.dll
MOD - [2004-08-04 01:44:12 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimeng.dll
MOD - [2004-08-04 01:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\setupapi.dll
MOD - [2004-08-04 01:44:10 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\printui.dll
MOD - [2004-08-04 01:44:10 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samsrv.dll
MOD - [2004-08-04 01:44:10 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scesrv.dll
MOD - [2004-08-04 01:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll
MOD - [2004-08-04 01:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samlib.dll
MOD - [2004-08-04 01:44:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regapi.dll
MOD - [2004-08-04 01:44:10 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rtutils.dll
MOD - [2004-08-04 01:44:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\profmap.dll
MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\psapi.dll
MOD - [2004-08-04 01:44:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\powrprof.dll
MOD - [2004-08-04 01:44:10 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc.dll
MOD - [2004-08-04 01:44:08 | 001,714,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netshell.dll
MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleaut32.dll
MOD - [2004-08-04 01:44:08 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbc32.dll
MOD - [2004-08-04 01:44:08 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui1.dll
MOD - [2004-08-04 01:44:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nwprovau.dll
MOD - [2004-08-04 01:44:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntshrui.dll
MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntmarta.dll
MOD - [2004-08-04 01:44:08 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mydocs.dll
MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\olepro32.dll
MOD - [2004-08-04 01:44:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui0.dll
MOD - [2004-08-04 01:44:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdsapi.dll
MOD - [2004-08-04 01:44:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntlanman.dll
MOD - [2004-08-04 01:44:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ncobjapi.dll
MOD - [2004-08-04 01:44:08 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nddeapi.dll
MOD - [2004-08-04 01:44:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2004-08-04 01:44:06 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msgina.dll
MOD - [2004-08-04 01:44:06 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msftedit.dll
MOD - [2004-08-04 01:44:06 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcrt.dll
MOD - [2004-08-04 01:44:06 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.dll
MOD - [2004-08-04 01:44:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msutb.dll
MOD - [2004-08-04 01:44:06 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msimg32.dll
MOD - [2004-08-04 01:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mlang.dll
MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSCTF.dll
MOD - [2004-08-04 01:44:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msacm32.dll
MOD - [2004-08-04 01:44:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mpr.dll
MOD - [2004-08-04 01:44:02 | 001,024,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mfc42u.dll
MOD - [2004-08-04 01:44:02 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\iphlpapi.dll
MOD - [2004-08-04 01:44:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imagehlp.dll
MOD - [2004-08-04 01:43:58 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\duser.dll
MOD - [2004-08-04 01:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
MOD - [2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\eventlog.dll
MOD - [2004-08-04 01:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comres.dll
MOD - [2004-08-04 01:43:56 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comctl32.dll
MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\crypt32.dll
MOD - [2004-08-04 01:43:56 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptui.dll
MOD - [2004-08-04 01:43:56 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscui.dll
MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comdlg32.dll
MOD - [2004-08-04 01:43:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\credui.dll
MOD - [2004-08-04 01:43:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscdll.dll
MOD - [2004-08-04 01:43:56 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptdll.dll
MOD - [2004-08-04 01:43:56 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\davclnt.dll
MOD - [2004-08-04 01:43:56 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drprov.dll
MOD - [2004-08-04 01:43:54 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\apphelp.dll
MOD - [2004-08-04 01:43:54 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\batmeter.dll
MOD - [2004-08-04 01:43:52 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\activeds.dll
MOD - [2004-08-04 01:43:52 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\adsldpc.dll
MOD - [2004-08-04 01:43:30 | 002,953,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\xpsp2res.dll
MOD - [2004-08-04 01:43:20 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shdoclc.dll
MOD - [2004-08-04 01:43:14 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbcint.dll
MOD - [2004-08-04 01:43:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msprivs.dll
MOD - [2004-08-04 01:42:42 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cfgmgr32.dll
MOD - [2004-08-04 01:42:40 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browselc.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2004-08-03 23:31:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rsaenh.dll
MOD - [2001-10-26 20:28:30 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mfc42loc.dll


========== Services (SafeList) ==========

SRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
SRV - [2012-12-10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-12-04 17:06:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-23 15:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-30 20:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-06-29 08:31:06 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-05-05 12:21:33 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009-03-31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINNT\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007-12-14 10:46:28 | 000,047,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys -- (75a9b1f9d00a74c0)
DRV - [2012-12-20 14:04:58 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\gdrv.sys -- (gdrv)
DRV - [2011-06-29 08:31:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-06-29 08:31:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009-03-20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009-03-18 16:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-02-14 10:04:06 | 004,676,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008-01-03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-10-11 10:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004-08-04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001-08-18 00:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-18 00:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - SOFTWARE\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - SOFTWARE\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}\InprocServer32 File not found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{E85E867A-F76D-4DB2-BE19-B12E445C7D79}: "URL" = https://isearch.avg.com/search?cid={9A8BB263-AF77-4C51-BE34-F9299CC12489}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=en&ds=ft011&pr=sa&d=2012-03-29 21:54:24&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011-12-08 21:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-31 16:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-31 16:27:36 | 000,000,000 | ---D | M]

[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Extensions
[2012-12-09 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions
[2012-11-19 16:00:28 | 000,215,985 | ---- | M] () (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2010-03-05 15:53:07 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\web-search.xml
[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 19:16:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALEX\DANE APLIKACJI\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH\FIREFOXEXT\13.3.0.17
[2011-12-08 21:51:51 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012-04-29 11:50:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-07-18 07:47:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINNT\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-12-04 17:06:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-29 11:50:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-25 12:19:26 | 000,081,920 | ---- | M] (COMARCH S.A.) -- C:\Program Files\mozilla firefox\plugins\npNOL3_ns8_mozilla.dll
[2011-11-11 10:43:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-11-11 10:43:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-11 10:43:08 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-11 10:43:08 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-11-11 10:43:08 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-11 10:43:08 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-03-01 17:54:50 | 000,000,884 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 87.229.126.88 www.google.com
O1 - Hosts: 87.229.126.89 www.bing.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-30 20:27:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-10-24 12:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 20:35:30 | 000,000,000 | ---D | M] - E:\Automap -- [ NTFS ]
O33 - MountPoints2\{046c618c-0bd5-11e2-9d26-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{046c618c-0bd5-11e2-9d26-001fd05fed62}\Shell\AutoRun\command - "" = H:\MicroLauncher.exe
O33 - MountPoints2\{5c4429dc-9d55-11df-9b05-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{5c4429dc-9d55-11df-9b05-001fd05fed62}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL default.htm
O33 - MountPoints2\{e28c190a-4f32-11e0-9984-001fd05fed62}\Shell - "" = AutoRun
O33 - MountPoints2\{e28c190a-4f32-11e0-9984-001fd05fed62}\Shell\AutoRun\command - "" = O:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: wmdmpmsp - File not found

MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WudfSvc"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WPFFontCache_v0400"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "Wmi"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "WMDM PMSP Service"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "winmgmt"
MsConfig - Services: "WebClient"
MsConfig - Services: "W32Time"
MsConfig - Services: "vToolbarUpdater13.3.2"
MsConfig - Services: "VSS"
MsConfig - Services: "UPS"
MsConfig - Services: "upnphost"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TlntSvr"
MsConfig - Services: "Themes"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "SysmonLog"
MsConfig - Services: "syshost32"
MsConfig - Services: "SwPrv"
MsConfig - Services: "stisvc"
MsConfig - Services: "Steam Client Service"
MsConfig - Services: "SSDPSRV"
MsConfig - Services: "srservice"
MsConfig - Services: "Spooler"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "SENS"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "PolicyAgent"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "PlugPlay"
MsConfig - Services: "PC Performer Manager"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NwSapAgent"
MsConfig - Services: "NWCWorkstation"
MsConfig - Services: "nvUpdatusService"
MsConfig - Services: "NVSvc"
MsConfig - Services: "NtmsSvc"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "NMSAccess"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MSIServer"
MsConfig - Services: "MSDTC"
MsConfig - Services: "MozillaMaintenance"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "LmHosts"
MsConfig - Services: "LexBceS"
MsConfig - Services: "lanmanworkstation"
MsConfig - Services: "lanmanserver"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HTTPFilter"
MsConfig - Services: "HidServ"
MsConfig - Services: "helpsvc"
MsConfig - Services: "Hamachi2Svc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "GEST Service"
MsConfig - Services: "FsUsbExService"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "Eventlog"
MsConfig - Services: "ERSvc"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "Dhcp"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v4.0.30319_32"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "AudioSrv"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - Services: "ALG"
MsConfig - Services: "Alerter"
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ALLUpdate - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Eduvdaanog - hkey= - key= - C:\Documents and Settings\alex\Dane aplikacji\Ikach\awte.exe ()
MsConfig - StartUpReg: Efruqynya - hkey= - key= - C:\Documents and Settings\alex\Dane aplikacji\Lepayg\izasz.exe (Корпорация Майкрософт)
MsConfig - StartUpReg: Gadu-Gadu 10 - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: GEST - hkey= - key= - C:\Program Files\GIGABYTE\GEST\run.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HF_G_Jul - hkey= - key= - File not found
MsConfig - StartUpReg: IPLA! - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: IVONA ControlCenter - hkey= - key= - C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: Media Finder - hkey= - key= - File not found
MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
MsConfig - StartUpReg: PCSpeedUp - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Realtime Audio Engine - hkey= - key= - File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig - StartUpReg: ROC_ROC_JULY_P1 - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Tutorials - hkey= - key= - File not found
MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: vProt - hkey= - key= - File not found
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: fsproflt - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: fsproflt - Reg Error: Value error.
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 60 Days ==========

[2012-12-31 16:34:21 | 000,000,000 | ---D | C] -- C:\WINNT\ERUNT
[2012-12-31 16:34:17 | 000,000,000 | ---D | C] -- C:\JRT
[2012-12-31 16:34:11 | 000,497,009 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\alex\Pulpit\JRT.exe
[2012-12-31 16:01:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-31 15:20:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-27 21:30:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\alex\Recent
[2012-12-27 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-24 13:43:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012-12-24 13:43:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012-12-24 13:43:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012-12-24 13:43:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012-12-24 13:43:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-12-24 13:39:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-24 13:39:02 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012-12-24 13:35:45 | 005,012,686 | R--- | C] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-24 13:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\HiJackThis
[2012-12-24 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-12-24 11:08:19 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-21 12:50:12 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-21 12:40:39 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-21 12:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012-12-20 16:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-12-20 16:28:18 | 000,412,088 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Tahomu
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Ikach
[2012-12-19 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Akuh
[2012-12-16 12:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SimilarSites
[2012-12-16 12:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\backburner
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Lepayg
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Amlie
[2012-12-11 15:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-12-07 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft
[2012-12-07 21:37:34 | 000,000,000 | ---D | C] -- C:\Users
[2012-12-07 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-12-07 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2012-12-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2012-12-04 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-12-04 21:06:50 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 13:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
[2012-12-04 12:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-12-03 14:04:15 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:03:16 | 000,000,000 | ---D | C] -- C:\Windows
[2012-12-03 14:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bcool
[2012-12-03 14:01:42 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\The KMPlayer
[2012-11-28 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2012-11-28 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-11-23 15:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\uTorrentControl2
[2012-11-23 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design
[2012-11-23 15:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\FreeSoundRecorder
[2012-11-23 15:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\MyAshampoo
[2012-11-23 15:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2012-11-18 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012-11-08 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\Fraps
[2012-11-08 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2012-11-08 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011-07-18 21:54:32 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011-07-18 21:54:32 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe

========== Files - Modified Within 60 Days ==========

[2012-12-31 16:32:44 | 000,497,009 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\alex\Pulpit\JRT.exe
[2012-12-31 16:30:01 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012-12-31 16:28:30 | 018,612,224 | -H-- | M] () -- C:\Documents and Settings\alex\NTUSER.DAT
[2012-12-31 16:28:30 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\alex\ntuser.ini
[2012-12-31 16:14:18 | 000,551,997 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-31 14:07:45 | 000,001,058 | ---- | M] () -- C:\WINNT\win.ini
[2012-12-31 14:07:45 | 000,000,356 | ---- | M] () -- C:\WINNT\system.ini
[2012-12-31 13:45:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2012-12-30 16:38:31 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012-12-30 16:35:29 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012-12-30 15:00:47 | 000,000,269 | ---- | M] () -- C:\WINNT\LEXSTAT.INI
[2012-12-30 14:48:58 | 000,437,660 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-29 12:03:16 | 001,262,840 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2012-12-29 12:03:16 | 000,558,466 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2012-12-29 12:03:16 | 000,495,958 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012-12-29 12:03:16 | 000,105,530 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2012-12-29 12:03:16 | 000,084,442 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012-12-28 12:32:33 | 000,000,900 | ---- | M] () -- C:\WINNT\System32\KGyGaAvL.sys
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2012-12-27 21:31:08 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) -- C:\WINNT\System32\drivers\sptd.sys
[2012-12-25 19:37:42 | 004,389,435 | ---- | M] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:35:53 | 005,012,686 | R--- | M] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-24 13:27:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-24 11:08:24 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-22 21:16:09 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-22 21:15:32 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-21 12:40:20 | 001,587,696 | ---- | M] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-21 12:38:52 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-12-20 22:51:53 | 001,700,756 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:49 | 000,062,208 | ---- | M] () -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys
[2012-12-20 16:28:19 | 000,412,088 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-20 14:07:39 | 000,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2012-12-20 14:04:58 | 000,016,608 | ---- | M] () -- C:\WINNT\gdrv.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | M] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:51 | 000,107,011 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:31 | 000,038,007 | ---- | M] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-11 23:37:13 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | M] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:53 | 000,003,084 | ---- | M] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:33 | 000,028,958 | ---- | M] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-06 13:57:26 | 000,129,056 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2012-12-06 13:54:44 | 000,427,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012-12-05 23:05:38 | 000,781,782 | ---- | M] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 21:06:50 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 12:53:17 | 000,634,272 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:35:16 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2012-12-03 14:35:00 | 000,682,280 | ---- | M] () -- C:\WINNT\System32\pbsvc.exe
[2012-12-03 14:06:36 | 000,000,377 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-12-03 14:04:16 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:01:42 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:09 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:49 | 000,026,725 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-11-22 16:59:17 | 000,995,059 | ---- | M] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-15 16:32:28 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk

========== Files Created - No Company Name ==========

[2012-12-31 16:22:21 | 000,551,997 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-30 14:48:03 | 000,437,660 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-27 21:56:06 | 000,002,176 | ---- | C] () -- C:\kopia rejj.reg
[2012-12-25 19:37:31 | 004,389,435 | ---- | C] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:43:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012-12-24 13:43:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012-12-24 13:43:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012-12-24 13:43:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012-12-24 13:43:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012-12-24 13:27:04 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-21 12:49:39 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-20 22:51:51 | 001,700,756 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:49 | 000,062,208 | ---- | C] () -- C:\WINNT\System32\drivers\75a9b1f9d00a74c0.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:01:30 | 000,051,254 | ---- | C] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | C] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:50 | 000,107,011 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
[2012-12-15 19:51:01 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:30 | 000,038,007 | ---- | C] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-09 19:11:20 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | C] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:52 | 000,003,084 | ---- | C] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:32 | 000,028,958 | ---- | C] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-05 23:04:27 | 000,781,782 | ---- | C] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 12:53:15 | 000,634,272 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:06:35 | 000,000,377 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-11-28 17:04:09 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:48 | 000,026,725 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-28 01:29:08 | 000,465,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-11-22 16:59:16 | 000,995,059 | ---- | C] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-10 12:15:37 | 001,587,696 | ---- | C] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-11-10 12:15:10 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-11-08 15:27:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Audacity.lnk
[2012-10-24 13:38:27 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
[2012-10-24 13:38:26 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb1.bin
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb0.bin
[2012-10-20 13:47:56 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\nvdrssel.bin
[2012-10-20 13:47:28 | 002,811,988 | ---- | C] () -- C:\WINNT\System32\nvdata.data
[2012-10-20 13:47:26 | 004,494,208 | ---- | C] () -- C:\WINNT\System32\nv4_disp.dll
[2012-09-22 09:49:25 | 000,682,280 | ---- | C] () -- C:\WINNT\System32\pbsvc.exe
[2012-07-04 08:52:17 | 000,558,133 | ---- | C] () -- C:\WINNT\System32\sqlite3.dll
[2012-03-15 18:09:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\troll.jpg
[2011-12-11 21:32:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\1.bmp
[2011-12-09 01:35:14 | 000,338,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-413027322-839522115-1003-0.dat
[2011-10-07 23:59:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CoD2MP_s.exe
[2011-10-07 23:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Call_of_Duty_2_1.3_MP_Server_fix.3512889.TPB.torrent
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2011-07-28 22:18:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG4464.JPG
[2011-07-28 13:03:15 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\FsUsbExDevice.Dll
[2011-07-28 13:03:15 | 000,036,608 | ---- | C] () -- C:\WINNT\System32\FsUsbExDisk.Sys
[2011-07-28 13:03:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\$_hpcst$.hpc
[2011-07-01 01:20:32 | 000,391,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-05-29 17:54:23 | 000,088,352 | ---- | C] () -- C:\WINNT\System32\mlfcache.dat
[2011-05-12 21:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Nowy dokument sformatowany.rtf
[2011-03-31 23:06:05 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011-03-31 23:05:59 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011-03-31 23:05:58 | 000,000,590 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2011-03-31 23:05:57 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011-03-24 23:38:04 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\alex\.recently-used.xbel
[2011-01-31 13:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Zdjęcie0069.jpg
[2011-01-31 13:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Obraz 045.jpg
[2011-01-15 17:20:14 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\drivers\VClone.sys
[2010-12-04 17:27:17 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2010-11-30 22:48:59 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2010-11-30 22:48:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\31F65979B0.sys
[2010-10-26 20:37:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1800.JPG
[2010-10-26 20:37:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1792.JPG
[2010-10-26 20:37:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1791.JPG
[2010-10-26 20:37:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1785.JPG
[2010-08-18 22:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\popov- in da man of my city.mp3
[2010-07-11 19:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\DSC00371.JPG
[2010-05-22 20:07:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;49;12.JPG
[2010-05-22 20:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;48;02.JPG
[2010-05-22 20:05:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;47;26.JPG
[2010-02-14 09:56:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\lesiu.jpg
[2009-12-01 19:54:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2009-11-26 13:42:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\bez tytułu.bmp
[2009-11-07 18:45:36 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-24 20:22:33 | 000,129,056 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-24 12:46:01 | 002,656,656 | -H-- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-24 12:41:06 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\alex\ntuser.ini
[2009-10-24 12:41:04 | 018,612,224 | -H-- | C] () -- C:\Documents and Settings\alex\NTUSER.DAT

========== ZeroAccess Check ==========

[2010-04-08 17:24:32 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
[2012-12-24 10:38:04 | 000,005,120 | -HS- | M] () -- C:\WINNT\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-04 01:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-12-25 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.atanks
[2012-12-07 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.minecraft
[2012-12-31 12:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Akuh
[2009-11-21 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\AlcaTech
[2012-12-29 12:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Amlie
[2011-01-29 12:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ashampoo
[2010-09-28 19:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Astroburn Lite
[2012-11-09 20:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2011-06-30 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Autodesk
[2010-01-21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011-12-28 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Blender Foundation
[2010-07-23 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Bricsys
[2010-12-28 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Canneverbe Limited
[2010-08-05 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Chinaweal Longteng
[2012-01-24 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Cool Record Edit Pro
[2009-10-24 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools
[2012-12-27 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Lite
[2011-05-06 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Pro
[2010-05-12 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Expressivo
[2012-12-26 12:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\foobar2000
[2011-05-02 22:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Free Sound Recorder
[2010-04-09 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FreeAudioPack
[2012-06-24 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FunnyGames
[2012-09-21 07:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gadu-Gadu 10
[2011-10-07 17:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GameRanger
[2012-03-07 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GetRightToGo
[2009-11-23 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GHISLER
[2011-03-24 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\gtk-2.0
[2012-12-14 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2012-12-19 18:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ikach
[2009-11-21 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\InterTrust
[2009-10-24 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\invibes
[2012-11-03 22:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\ipla
[2011-03-01 17:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\IVONA ControlCenter
[2012-12-14 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Lepayg
[2009-10-24 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Nowe Gadu-Gadu
[2010-02-23 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenFM
[2012-12-05 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2011-03-16 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Opera
[2011-07-28 13:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PC Suite
[2010-07-19 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PhotoFiltre
[2010-12-07 18:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\RDRM
[2011-07-28 13:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Samsung
[2012-11-28 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-12-19 18:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Tahomu
[2012-05-04 12:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TeamViewer
[2012-12-27 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2010-05-11 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ulead Systems
[2012-12-27 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\uTorrent
[2011-02-07 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\VDownloader
[2011-05-29 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2737A
[2009-11-21 23:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlcaTech
[2011-01-29 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-09-28 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite
[2012-07-08 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2012-12-09 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bcool
[2010-12-28 21:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2012-03-29 20:53:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-12-27 21:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-12-08 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Freemake
[2010-12-07 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-12-07 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-08 15:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2011-08-10 15:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-07-28 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2012-12-16 12:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2012-03-29 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate
[2010-12-19 12:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate Collection
[2012-12-16 12:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SimilarSites
[2010-05-11 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
[2012-09-30 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-12-27 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-09 10:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-08-25 21:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-12-27 21:10:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-27 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Dane aplikacji\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-05-03 14:23:53 | 000,001,204 | ---- | M] () -- C:\1.txt
[2012-12-31 16:21:21 | 000,013,138 | ---- | M] () -- C:\12312012_160147.log
[2012-10-20 10:50:30 | 155,576,680 | ---- | M] (NVIDIA Corporation) -- C:\306.81-desktop-winxp-32bit-international-whql.exe
[2012-09-21 07:17:12 | 000,702,281 | ---- | M] () -- C:\a1_geog.pdf
[2012-12-31 16:27:39 | 000,026,620 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-10-24 12:33:11 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-11 14:49:35 | 000,475,490 | ---- | M] () -- C:\cc_20101111_144910.reg
[2010-11-11 14:49:52 | 000,003,986 | ---- | M] () -- C:\cc_20101111_144946.reg
[2012-10-20 20:27:04 | 000,002,233 | ---- | M] () -- C:\CIAGI.PAS
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-24 12:49:42 | 000,000,143 | ---- | M] () -- C:\csb.log
[2012-10-20 12:33:05 | 006,081,842 | ---- | M] (Treexy ) -- C:\driver_fusion_1.2.0.exe
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-09-20 19:19:16 | 000,003,868 | ---- | M] () -- C:\KALKU.BAK
[2012-09-26 18:23:19 | 000,011,888 | ---- | M] () -- C:\KALKU.EXE
[2012-09-20 19:27:08 | 000,004,194 | ---- | M] () -- C:\KALKU.PAS
[2012-09-20 18:53:55 | 000,007,645 | ---- | M] () -- C:\KALKU.rar
[2010-07-15 18:12:56 | 000,000,000 | RHS- | M] () -- C:\khx
[2010-08-10 23:16:11 | 000,000,000 | RHS- | M] () -- C:\khy
[2012-04-22 10:28:50 | 003,523,817 | ---- | M] () -- C:\Kombii - Pokolenie pobrano z ulub_pl.mp3
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2010-04-19 13:54:40 | 076,119,274 | ---- | M] () -- C:\kopiazapasowa.reg
[2012-10-09 21:31:31 | 000,909,662 | ---- | M] () -- C:\Kopia_zapasowa_wiz.cdr
[2012-10-02 00:03:00 | 001,314,648 | ---- | M] () -- C:\Kopia_zapasowa_yuytu.cdr
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 23:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2012-12-31 16:29:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012-10-20 17:17:52 | 000,057,344 | ---- | M] () -- C:\pascal.ppt
[2012-12-06 00:17:40 | 000,791,552 | ---- | M] () -- C:\Pascal2.ppt
[2012-02-13 21:20:12 | 150,938,644 | ---- | M] () -- C:\Pawel Presents Trance Music vol.1.mp3
[2012-06-09 09:19:34 | 004,124,453 | ---- | M] () -- C:\presents 1.mp3
[2012-01-18 20:19:29 | 000,004,976 | ---- | M] () -- C:\PROGRAMM.EXE
[2012-01-18 20:12:20 | 000,000,386 | ---- | M] () -- C:\PROGRAMM.PAS
[2009-10-24 12:48:01 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2011-07-15 10:34:26 | 252,483,264 | ---- | M] () -- C:\S7302579.AVI
[2011-07-16 20:42:20 | 000,082,433 | ---- | M] () -- C:\saac1.2.zip
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-30 16:38:03 | 000,000,122 | ---- | M] () -- C:\service.log
[2012-07-03 10:45:56 | 001,587,696 | ---- | M] () -- C:\SetupVirtualCloneDrive5450.exe
[2011-09-14 21:00:06 | 115,729,182 | ---- | M] () -- C:\sysisie.rar
[2011-08-24 15:22:24 | 000,096,167 | ---- | M] () -- C:\Tabela 355 z dnia 27.07.11-zamkn. 1-31.08.11.xls.pdf
[2012-10-10 20:05:18 | 000,001,358 | ---- | M] () -- C:\TABELICE.BAK
[2012-10-10 20:20:15 | 000,005,328 | ---- | M] () -- C:\TABELICE.EXE
[2012-10-10 20:20:12 | 000,001,479 | ---- | M] () -- C:\TABELICE.PAS
[2012-05-04 12:18:34 | 004,586,328 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup.exe
[2012-01-02 22:34:36 | 000,421,020 | ---- | M] () -- C:\untitled.blend
[2012-01-02 16:23:23 | 000,413,592 | ---- | M] () -- C:\untitled.blend1
[2012-01-02 16:15:53 | 000,413,592 | ---- | M] () -- C:\untitled.blend2
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-10-27 13:04:22 | 000,029,962 | ---- | M] () -- C:\Wheels0079_thumbhuge.jpg
[2011-10-09 21:46:11 | 082,870,453 | ---- | M] () -- C:\Wideo030.mp4
[2011-10-09 21:49:02 | 031,052,725 | ---- | M] () -- C:\Wideo031.mp4
[2011-12-24 12:55:18 | 363,715,223 | ---- | M] () -- C:\Wigilia Klasowa 2011.rar
[2012-10-10 20:31:16 | 000,076,434 | ---- | M] () -- C:\wiz.cdr
[2012-10-12 06:36:33 | 000,181,626 | ---- | M] () -- C:\wiz12.cdr
[2012-10-02 21:09:41 | 001,314,970 | ---- | M] () -- C:\yuytu.cdr
[2012-10-09 21:39:08 | 000,013,814 | ---- | M] () -- C:\zapro.cdr
[2012-04-20 14:17:50 | 003,394,278 | ---- | M] () -- C:\[www.dloader.pl]bashunter_-_now_you_re_gone.mp3
[2012-04-20 13:51:50 | 001,599,143 | ---- | M] () -- C:\[www.dloader.pl]basshunter_-_all_i_ever_wanted.mp3

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 00:47:36 | 000,004,224 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINNT\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-04 00:14:30 | 000,182,912 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINNT\system32\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

< End of report >[/log]

EXT
[log]OTL Extras logfile created on: 2012-12-31 16:46:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,33% Memory free
3,85 Gb Paging File | 3,70 Gb Available in Paging File | 96,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,93 Gb Free Space | 34,66% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,55 Gb Free Space | 12,42% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,71 Gb Free Space | 37,75% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel® Integrated Performance Primitives RTI 4.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1326
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.126
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Obsługa programów Apple
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALLPlayer_is1" = ALLPlayer V4.X
"AP Suggestor" = AP Suggestor
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Elasto Mania" = Elasto Mania
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Expressivo" = Expressivo
"FL Studio 9" = FL Studio 9
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter wersja 3.0.0
"Gadu-Gadu 10" = Gadu-Gadu 10
"Hardcore" = Hardcore
"Historyczna mapa polskiej sieci kolejowej_is1" = Rail Map 2.2
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"ImageHelper 1.01" = ImageHelper 1.01
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"ipla" = ipla 2.2.1
"IrfanView" = IrfanView (remove only)
"IVONA ControlCenter" = IVONA ControlCenter
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Lexmark 640 Series" = Lexmark 640 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0
"Łatka polonizacyjna GTA IV: The Lost and Damned v1.1 oraz GTA IV: The Ballad of Gay Tony v1.0" = Łatka polonizacyjna GTA IV: The Lost and Damned v1.1 oraz GTA IV: The Ballad of Gay Tony v1.0
"Mafia 2_is1" = Mafia 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixed In Key" = Mixed In Key 2.5
"MixVibesProducerDemo.exe" = MixVibes PRODUCER DEMO uninstall
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notowania OnLine 3.0 DM BZWBK S.A._is1" = Notowania OnLine 3.0 DM BZWBK S.A.
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"OptimizerPro" = OptimizerPro
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"Runway Designer" = Runway Designer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"TrainzObjectz_is1" = TrainzObjectz 6.0 Build 544
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-12-29 11:58:36 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:47 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 06:58:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-30 09:54:33 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 5.0.1.329, moduł powodujący
błąd acrord32.exe, wersja 5.0.1.329, adres błędu 0x0014f885.

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 11:38:02 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-31 07:32:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

[ System Events ]
Error - 2012-12-31 11:39:50 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:39:50 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:41:04 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 11:41:04 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:41:04 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:42:06 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 11:42:06 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:42:06 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:43:05 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 11:47:03 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >[/log]

OTL removal
[log]All processes killed
========== OTL ==========
I:\autorun.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\brx\ deleted successfully.
File Protocol\Handler\brx - No CLSID value found not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINNT\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File system32\DRIVERS\pccsmcfd.sys not found.
Service ossrv stopped successfully!
Service ossrv deleted successfully!
File system32\drivers\ctoss2k.sys not found.
Service mcdbus stopped successfully!
Service mcdbus deleted successfully!
File system32\DRIVERS\mcdbus.sys not found.
Error: No service named 75a9b1f9d00a74c0 was found to stop!
Service\Driver key 75a9b1f9d00a74c0 not found.
File move failed. C:\WINNT\system32\drivers\75a9b1f9d00a74c0.sys scheduled to be moved on reboot.
Error: No service named 75a9b1f9d00a74c0 was found to stop!
Service\Driver key 75a9b1f9d00a74c0 not found.
File move failed. C:\WINNT\system32\drivers\75a9b1f9d00a74c0.sys scheduled to be moved on reboot.
Service syshost32 stopped successfully!
Service syshost32 deleted successfully!
File move failed. C:\WINNT\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe scheduled to be moved on reboot.
Service winmgmt stopped successfully!
Service winmgmt deleted successfully!
C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js moved successfully.
winmgmt removed from NetSvcs value successfully!
File C:\Documents and Settings\alex\wgsdgsdgdsgsd.exe not found.
========== FILES ==========
C:\WINNT\tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINNT\tasks\OptimizerProUpdaterTask{DB53F509-889B-4D09-8CC4-AD4D7A216639}.job moved successfully.
< netsh firewall reset /C >
OSTRZEŻENIE: Nie można uzyskać informacji o hoście z komputera: [ALEX]. Niektóre polecenia mogą być niedostępne.
Określona usługa nie istnieje jako usługa zainstalowana.
Ok.
C:\Documents and Settings\alex\Pulpit\cmd.bat deleted successfully.
C:\Documents and Settings\alex\Pulpit\cmd.txt deleted successfully.
< netsh winsock reset /C >
OSTRZEŻENIE: Nie można uzyskać informacji o hoście z komputera: [ALEX]. Niektóre polecenia mogą być niedostępne.
Określona usługa nie istnieje jako usługa zainstalowana.
Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.
C:\Documents and Settings\alex\Pulpit\cmd.bat deleted successfully.
C:\Documents and Settings\alex\Pulpit\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: alex
->Temp folder emptied: 13375726669 bytes
->Temporary Internet Files folder emptied: 894703345 bytes
->Java cache emptied: 1570587 bytes
->FireFox cache emptied: 419231901 bytes
->Opera cache emptied: 52503167 bytes
->Flash cache emptied: 17505 bytes

User: All Users

User: antex
->Temp folder emptied: 587497 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: komputer

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33604 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 967102 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24505491 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110251332 bytes
RecycleBin emptied: 6304846475 bytes

Total Files Cleaned = 20 204,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12312012_160147

Files\Folders moved on Reboot...
File move failed. C:\WINNT\system32\drivers\75a9b1f9d00a74c0.sys scheduled to be moved on reboot.
File move failed. C:\WINNT\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...[/log]

AdwCleaner
[log]# AdwCleaner v2.104 - Log utworzony 31/12/2012 o 16:27:33
# Aktualizacja 29/12/2012 przez Xplode
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Użytkownik : alex - ALEX
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
# Opcja [Usuń]

***** [Usługi] *****

Zatrzymano & Usunięto : PC Performer Manager

***** [Pliki / Foldery] *****

Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\Babylon
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\BabylonToolbar
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\Funmoods
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\imeshbandmltbpi
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\Media Finder
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\OpenCandy
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\PerformerSoft
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\PriceGong
Folder Usunięto : C:\Documents and Settings\alex\Dane aplikacji\Toolbar4
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Babylon
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\pc performer manager
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Premium
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\SaveAs
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
Folder Usunięto : C:\Documents and Settings\All Users\Menu Start\Programy\Media Finder
Folder Usunięto : C:\Documents and Settings\antex\Dane aplikacji\mediabarim
Folder Usunięto : C:\Program Files\1ClickDownload
Folder Usunięto : C:\Program Files\Conduit
Folder Usunięto : C:\Program Files\ConduitEngine
Folder Usunięto : C:\Program Files\DAEMON Tools Toolbar
Folder Usunięto : C:\Program Files\StartSearch plugin
Folder Usunięto : C:\Program Files\SweetIM
Plik Usunięto : C:\DOCUME~1\alex\USTAWI~1\Temp\Uninstall.exe
Plik Usunięto : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Plik Usunięto : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Plik Usunięto : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Plik Usunięto : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Plik Usunięto : C:\Program Files\Mozilla firefox\searchplugins\v9.xml
Plik Usunięto : C:\user.js

***** [Rejestr] *****

Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Klucz Usunięto : HKLM\Software\PIP
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\SweetIM
Klucz Usunięto : HKLM\Software\Tarma Installer
Klucz Usunięto : HKLM\Software\Tuto4PC
Klucz Usunięto : HKLM\Software\VDownloader\OpenCandy
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Wartość Usunięto : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v6.0.2900.2180

Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114506&tt=4912_4&babsrc=HP_clro&mntrId=80ba74f5000000000000001fd05fed62 --> hxxp://www.google.com
Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD3200AAJS-00B4A0_WD-WMAT1040563005630&ts=1353005329 --> hxxp://www.google.com
Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.imesh.com/sidebar.html?src=ssb&sysid=1 --> hxxp://www.google.com
Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?q={searchTerms} --> hxxp://www.google.com
Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=WDC_WD3200AAJS-00B4A0_WD-WMAT1040563005630&ts=1353005329 --> hxxp://www.google.com
Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.mocaflix.com/ --> hxxp://www.google.com

-\\ Opera v12.12.1707.0

Plik : C:\Documents and Settings\alex\Dane aplikacji\Opera\Opera\operaprefs.ini

Usunięto : Home URL=hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0AyBtA0CtCtCyB[...]

*************************

AdwCleaner[S1].txt - [26489 octets] - [31/12/2012 16:27:33]

########## EOF - C:\AdwCleaner[S1].txt - [26550 octets] ##########[/log]

JRT
[log]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Microsoft Windows XP x86
Ran by alex on 2012-12-31 at 16:34:23,35
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\v9software



~~~ Files

Successfully deleted: [File] "C:\WINNT\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\imesh applications"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\imeshwebsearch.xml"
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\user.js
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\funmoods.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\imeshwebsearch.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\startsear.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\sweetim.xml
Successfully deleted: [File] C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\searchplugins\websearch.xml
Successfully deleted the following from C:\Documents and Settings\alex\Dane aplikacji\mozilla\firefox\profiles\ekutx1w4.default\prefs.js






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2012-12-31 at 16:37:40,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/log]

wirusolog
comment (edited)

The first stage is done; now we will deal with a much worse infection:

[quote]SRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINNT\System32\drivers[b]\[color=#ff0000]75a9b1f9d00a74c0.sys[/color][/b] -- (75a9b1f9d00a74c0)[/quote]
The [b]Necurs[/b] rootkit is active on the system.

[b]1.[/b] Run [url="http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page__view__findpost__p__57587"][b][color=blue][u]ESET Necurs Remover[/u][/color][/b][/url] as described there. Post the report it produces.

[b]2.[/b] After the restart, a "Test Mode" watermark will appear on the Desktop. Start > Run > [b]cmd[/b] > paste this command:
[b]bcdedit /set testsigning off[/b]

[b]3.[/b] I see that ComboFix has been used. Delete the version you have, download the latest one from here: [url="http://www.bleepingcomputer.com/download/combofix/"][b][color=blue][u]ComboFix[/u][/color][/b][/url] and generate a log with it.

  • Good post 1
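Added example, not part of the original posts: a small triage script for OTL service lines like the one quoted in the post above. The three signals it scores (empty vendor field, "Unknown" start type, 16-hex-digit driver name under System32\drivers) are assumptions read off that single quoted line, not OTL's or ESET's detection logic, and the two comparison lines are constructed.

```python
import ntpath
import re

# Forum markup the board wrapped around parts of the quoted line.
BBCODE = re.compile(r"\[/?(?:b|i|u|color|size|font)(?:=[^\]]*)?\]", re.I)

# Layout of the quoted entry:
# TAG - [date time | size | attrs | M] (vendor) [start type | state] -- path -- (service)
OTL_LINE = re.compile(
    r"^(?P<tag>SRV|DRV)\s+-\s+"
    r"\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s+"
    r"\((?P<vendor>[^)]*)\)\s+"
    r"\[(?P<start>[^|\]]*)\|(?P<state>[^\]]*)\]\s+--\s+"
    r"(?P<path>.+?)\s+--\s+\((?P<service>[^)]*)\)\s*$"
)

HEX16 = re.compile(r"[0-9a-f]{16}", re.I)


def parse_otl_line(line):
    """Return the fields of one OTL SRV/DRV line, or None if it does not match."""
    m = OTL_LINE.match(BBCODE.sub("", line).strip())
    if m is None:
        return None
    entry = {k: v.strip() for k, v in m.groupdict().items()}
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def signals(entry):
    """List the assumed warning signs present in a parsed entry."""
    stem, ext = ntpath.splitext(ntpath.basename(entry["path"]))
    in_drivers = ntpath.dirname(entry["path"]).lower().endswith(r"\system32\drivers")
    found = []
    if not entry["vendor"]:
        found.append("no vendor string")
    if entry["start"].lower().startswith("unknown"):
        found.append("unknown start type")
    if in_drivers and ext.lower() == ".sys" and HEX16.fullmatch(stem):
        found.append("hex-only driver name")
    return found


def triage(lines, threshold=2):
    """Return (service, path, signals) for each parsed line with enough signals."""
    flagged = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue  # not an SRV/DRV line in the expected layout
        hits = signals(entry)
        if len(hits) >= threshold:
            flagged.append((entry["service"], entry["path"], hits))
    return flagged


# The line quoted in the post, forum markup included.
QUOTED = (
    r"SRV - [2012-12-20 16:28:49 | 000,062,208 | ---- | M] () "
    r"[Unknown (-1) | Unknown] -- "
    r"C:\WINNT\System32\drivers[b]\[color=#ff0000]75a9b1f9d00a74c0.sys[/color][/b]"
    r" -- (75a9b1f9d00a74c0)"
)

# Constructed comparison lines (not from the thread), same layout.
CONSTRUCTED = [
    r"SRV - [2011-03-02 10:15:00 | 000,120,320 | ---- | M] (Example Vendor Ltd.) "
    r"[Auto | Running] -- C:\Program Files\Example\examplesvc.exe -- (ExampleSvc)",
    # Missing vendor alone is one signal and stays below the threshold.
    r"DRV - [2010-07-19 08:00:00 | 000,016,608 | ---- | M] () "
    r"[Kernel | Running] -- C:\WINNT\System32\drivers\examplefilter.sys"
    r" -- (examplefilter)",
]

if __name__ == "__main__":
    for service, path, hits in triage([QUOTED] + CONSTRUCTED):
        print(f"{service}: {path} -> {', '.join(hits)}")
```

A hit from this script is only a reason to look closer at the entry; unsigned or vendor-less drivers with ordinary names exist, which is why a single signal is not flagged.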
kamann
comment

ESET
[log]info: --------------------------------------------------------------------------------
info: ESET Necurs Remover v2.0.0.0 (Nov 26 2012 14:10:55)
info: --------------------------------------------------------------------------------
info: OS: 5.1.2600 SP3
info: Product type: workstation
info: WoW64: 0
info: --------------------------------------------------------------------------------
debug: debug mode self-test
info: Rootkit's service key - "75a9b1f9d00a74c0".
info: Rootkit's module path - "\SystemRoot\System32\Drivers\75a9b1f9d00a74c0.sys".
info: Rootkit has been cleaned successfully.
[/log]

ComboFix
[log]ComboFix 12-12-31.01 - alex 2012-12-31 17:44:45.1.2 - x86
Uruchomiony z: c:\documents and settings\alex\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\alex\Dane aplikacji\Ikach
c:\documents and settings\alex\Dane aplikacji\Ikach\awte.exe
c:\documents and settings\alex\WINDOWS
c:\documents and settings\All Users\Dane aplikacji\31F65979B0.sys
c:\documents and settings\All Users\Dane aplikacji\Bcool
c:\documents and settings\All Users\Dane aplikacji\Bcool\50bca683259e1.html
c:\documents and settings\All Users\Dane aplikacji\Bcool\50bca68325a19.js
c:\documents and settings\All Users\Dane aplikacji\Bcool\jimlapkpdapfajadceegjbpgndkcghng.crx
c:\documents and settings\All Users\Dane aplikacji\Bcool\settings.ini
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\program files\AP Suggestor\APSUggestor.dll
c:\winnt\assembly\GAC\Desktop.ini
c:\winnt\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}\syshost.exe
c:\winnt\IsUn0415.exe
c:\winnt\msmqinst.log
c:\winnt\pkunzip.pif
c:\winnt\pkzip.pif
c:\winnt\system32\autorun.in
c:\winnt\system32\Cache
c:\winnt\system32\sqlite3.dll
c:\winnt\UA000035.DLL
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-28 do 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\winnt\system32\xircom
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\winnt\system32\wbem\snmp
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\program files\microsoft frontpage
2012-12-31 15:34 . 2012-12-31 15:34 -------- d-----w- c:\winnt\ERUNT
2012-12-31 15:34 . 2012-12-31 15:34 -------- d-----w- C:\JRT
2012-12-31 15:01 . 2012-12-31 15:01 -------- d-----w- C:\_OTL
2012-12-27 21:01 . 2012-12-27 21:01 -------- d-----w- c:\documents and settings\UpdatusUser\Dane aplikacji\TuneUp Software
2012-12-27 20:56 . 2012-12-27 20:56 2176 ----a-w- C:\kopia rejj.reg
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\TuneUp Software
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-24 12:27 . 2012-12-24 12:27 388096 ----a-r- c:\documents and settings\alex\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-24 12:27 . 2012-12-24 12:27 -------- d-----w- c:\program files\Trend Micro
2012-12-21 11:40 . 2012-12-21 11:40 26984 ----a-w- c:\winnt\system32\drivers\avgtpx86.sys
2012-12-21 11:40 . 2012-12-21 11:40 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search
2012-12-20 15:28 . 2012-12-20 15:28 62208 ----a-w- c:\winnt\system32\drivers\75a9b1f9d00a74c0.sys
2012-12-19 17:41 . 2012-12-31 11:32 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Akuh
2012-12-19 17:41 . 2012-12-19 17:41 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Tahomu
2012-12-16 11:31 . 2012-12-16 11:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SimilarSites
2012-12-16 11:26 . 2012-12-16 11:26 -------- d-----w- c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner
2012-12-14 22:17 . 2012-12-29 11:54 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Amlie
2012-12-14 22:17 . 2012-12-14 22:17 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Lepayg
2012-12-14 22:17 . 2012-12-14 22:17 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Gune
2012-12-07 20:37 . 2012-12-07 20:37 -------- d-----w- C:\Users
2012-12-07 10:54 . 2012-12-07 10:54 -------- d-----w- c:\program files\Common Files\Steam
2012-12-05 21:30 . 2012-12-05 21:30 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\OpenOffice.org
2012-12-05 10:35 . 2012-12-05 10:35 -------- d-----w- c:\documents and settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
2012-12-04 20:08 . 2012-12-04 20:08 -------- d-----w- c:\program files\ESET
2012-12-04 11:55 . 2012-12-04 16:18 -------- d-----w- c:\program files\SEGA
2012-12-03 13:03 . 2012-12-03 13:03 -------- d-----w- C:\Windows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 20:12 . 2009-10-24 14:32 466008 ----a-w- c:\winnt\system32\drivers\sptd.sys
2012-12-20 13:07 . 2009-12-01 13:49 138464 ----a-w- c:\winnt\system32\drivers\PnkBstrK.sys
2012-12-20 13:07 . 2009-12-01 13:49 111928 ----a-w- c:\winnt\system32\PnkBstrB.exe
2012-12-20 13:04 . 2009-10-24 11:44 16608 ----a-w- c:\winnt\gdrv.sys
2012-12-03 13:35 . 2009-12-01 18:54 22328 -c--a-w- c:\documents and settings\alex\Dane aplikacji\PnkBstrK.sys
2012-12-03 13:35 . 2012-09-22 08:49 682280 ------w- c:\winnt\system32\pbsvc.exe
2012-12-03 13:35 . 2009-12-01 13:48 66872 ------w- c:\winnt\system32\PnkBstrA.exe
2012-11-30 18:04 . 2012-11-30 18:04 507392 ------w- c:\winnt\system32\dxgi.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ------w- c:\winnt\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ------w- c:\winnt\system32\QuickTime.qts
2012-10-20 11:33 . 2012-10-20 11:33 6081842 ----a-w- C:\driver_fusion_1.2.0.exe
2012-10-20 09:50 . 2012-10-20 09:49 155576680 ----a-w- C:\306.81-desktop-winxp-32bit-international-whql.exe
2012-10-11 17:25 . 2012-10-11 17:25 696760 ------w- c:\winnt\system32\FlashPlayerApp.exe
2012-10-11 17:25 . 2011-08-29 22:22 73656 ------w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-10-10 19:20 . 2012-10-10 18:17 5328 ----a-w- C:\TABELICE.EXE
2011-06-09 10:03 . 2011-07-18 20:54 3486088 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-06-09 10:03 . 2011-07-18 20:54 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 09:11 . 2010-12-04 16:27 444283 -c--a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-12-04 16:06 . 2012-10-27 18:16 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\MagicDisc.lnk
backup=c:\winnt\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\runctf.lnk
backup=c:\winnt\pss\runctf.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\winnt\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\winnt\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-23 23:23 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2011-07-28 12:12 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:44 15360 ------w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Efruqynya]
2010-11-23 04:47 611704 ----a-w- c:\documents and settings\alex\Dane aplikacji\Lepayg\izasz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45 13374048 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 09:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-15 12:56 18633728 ----a-w- c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 15:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22 421160 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVONA ControlCenter]
2011-02-11 12:52 1659768 ----a-w- c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-09-23 13:04 15512424 ------w- c:\winnt\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-09-23 13:04 108392 ------w- c:\winnt\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-09-23 14:28 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2009-11-14 04:30 70144 ------w- c:\winnt\system32\mmrtkrnl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\winnt\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-07 10:54 1354736 ----a-w- d:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"vToolbarUpdater13.3.2"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"syshost32"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PnkBstrA"=2 (0x2)
"PlugPlay"=2 (0x2)
"PC Performer Manager"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NwSapAgent"=2 (0x2)
"NWCWorkstation"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMSAccess"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LmHosts"=2 (0x2)
"LexBceS"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GEST Service"=3 (0x3)
"FsUsbExService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 FsUsbExDisk;FsUsbExDisk;c:\winnt\system32\FsUsbExDisk.SYS [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\winnt\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\winnt\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\winnt\system32\DRIVERS\ss_bmdm.sys [x]
R4 75a9b1f9d00a74c0;syshost.exe;c:\winnt\System32\Drivers\75a9b1f9d00a74c0.sys [x]
R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R4 FsUsbExService;FsUsbExService;c:\winnt\system32\FsUsbExService.Exe [x]
R4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R4 sptd;sptd;c:\winnt\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\winnt\system32\drivers\avgtpx86.sys [x]
.
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} -
FF - ProfilePath - c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\
FF - ExtSQL: 2012-11-28 15:41; {E71B541F-5E72-5555-A47C-E47863195841}; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
FF - ExtSQL: 2012-12-03 14:17; 50bca68325817@50bca68325850.com; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\50bca68325817@50bca68325850.com
FF - ExtSQL: 2012-12-03 14:19; 50bca6e119380@50bca6e1193b9.com; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\50bca6e119380@50bca6e1193b9.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{FE69C007-C452-4d3e-86D2-1730DF8BC871} - c:\program files\SimilarSites\similarsites.dll
MSConfigStartUp-Eduvdaanog - c:\documents and settings\alex\Dane aplikacji\Ikach\awte.exe
MSConfigStartUp-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
MSConfigStartUp-Media Finder - c:\program files\Media Finder\Media Finder.exe
MSConfigStartUp-PCSpeedUp - c:\program files\Przyspiesz Komputer\PCSpeedUp.exe
MSConfigStartUp-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Icy Tower v1.4_is1 - c:\games\icytower1.4\unins000.exe
AddRemove-OptimizerPro - c:\docume~1\ALLUSE~1\DANEAP~1\InstallMate\OptimizerPro\Setup.exe
AddRemove-Łatka polonizacyjna GTA IV v1.0 - d:\program files\Rockstar Games\Grand Theft Auto IV\Spolszczenie\Deinstalator.exe
AddRemove-Łatka polonizacyjna GTA IV: The Lost and Damned v1.1 oraz GTA IV: The Ballad of Gay Tony v1.0 - e:\program files\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City\Spolszczenie\Deinstalator.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 17:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f1,c6,38,c8,ae,ce,f6,ec,13,c1,67,c8,73,8c,05,8a,7d,a3,84,b1,6e,
05,52,71,e1,12,13,90,15,e3,85,4a,db,f6,33,f6,b4,23,c2,ad,66,86,63,dd,82,75,\
"rkeysecu"=hex:81,f1,c7,47,73,db,0b,ae,dd,fc,c8,55,8c,3f,4d,20
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(808)
c:\winnt\system32\msi.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\winnt\system32\mspaint.exe
.
**************************************************************************
.
Czas ukończenia: 2012-12-31 17:56:11 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-12-31 16:56
.
Przed: 18 547 245 056 bajtów wolnych
Po: 18 480 947 200 bajtów wolnych
.
- - End Of File - - B195A65AFF3B1C907C50ED7AB528683C
[/log]

After the restart, ComboFix popped up with some error:

[img]http://i48.tinypic.com/2vv97bq.png[/img]

As for that ESET tool, it removed the rootkit, but no watermark ever appeared.

wirusolog
comment (edited)

The numeric driver likes to regenerate and, as you can see in your case, it has regenerated.
[hr]
[b]1.[/b] Open Notepad and paste this text into it:
[quote]
File::
c:\winnt\system32\drivers\75a9b1f9d00a74c0.sys
c:\documents and settings\alex\Menu Start\Programy\Autostart\runctf.lnk
c:\program files\Common Files\ApnToolbarInstaller.exe
c:\program files\Common Files\ApnStub.exe
c:\program files\Common Files\WinPcapNmap.exe

DirLook::
c:\winnt\system32\drivers

Driver::
75a9b1f9d00a74c0

Folder::
c:\winnt\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}
c:\documents and settings\All Users\AVG Secure Search
c:\program files\AP Suggestor
c:\documents and settings\alex\Dane aplikacji\Akuh
c:\documents and settings\alex\Dane aplikacji\Tahomu
c:\documents and settings\All Users\Dane aplikacji\SimilarSites
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner
c:\documents and settings\alex\Dane aplikacji\Amlie
c:\documents and settings\alex\Dane aplikacji\Lepayg
c:\documents and settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"=-
"tscuninstall"=-[/quote]
[b]>>File>>Save as... >>> [color=orange]CFScript[/color][/b]
Drag and drop the [color=orange][b]CFScript.txt[/b][/color] file onto the [b]ComboFix.exe[/b] file
[b][color=blue]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Removal should start (and a log will be created). Post that log.

[b]2.[/b] Please provide a log from [url="http://support.kaspersky.com/pl/faq/?qid=208283359"][b][color=blue][u]TDSSKiller[/u][/color][/b][/url].

kamann
comment

After that drag and drop, instead of removal, some kind of unpacking appeared and it started scanning the system once again.

wirusolog
comment

[quote]
After that drag and drop, instead of removal, some kind of unpacking appeared and it started scanning the system once again.[/quote]
That is the point; after stage 50 the removal process will begin.

kamann
comment (edited)

OK, here are the logs:

ComboFix
[log]ComboFix 12-12-31.01 - alex 2012-12-31 18:22:48.2.2 - x86
Uruchomiony z: c:\documents and settings\alex\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\alex\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
FILE ::
"c:\documents and settings\alex\Menu Start\Programy\Autostart\runctf.lnk"
"c:\program files\Common Files\ApnStub.exe"
"c:\program files\Common Files\ApnToolbarInstaller.exe"
"c:\program files\Common Files\WinPcapNmap.exe"
"c:\winnt\system32\drivers\75a9b1f9d00a74c0.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\alex\Dane aplikacji\Akuh
c:\documents and settings\alex\Dane aplikacji\Akuh\reuto.abl
c:\documents and settings\alex\Dane aplikacji\Akuh\reuto.tmp
c:\documents and settings\alex\Dane aplikacji\Amlie
c:\documents and settings\alex\Dane aplikacji\Lepayg
c:\documents and settings\alex\Dane aplikacji\Lepayg\izasz.exe
c:\documents and settings\alex\Dane aplikacji\Tahomu
c:\documents and settings\alex\Dane aplikacji\Tahomu\zucew.eze
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner\backburner.log
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner\backburner.xml
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner\backburnerServer.log
c:\documents and settings\alex\Ustawienia lokalne\Dane aplikacji\backburner\nrapi.conf
c:\documents and settings\All Users\AVG Secure Search
c:\documents and settings\All Users\AVG Secure Search\Statistics\stats.ini
c:\documents and settings\All Users\Dane aplikacji\SimilarSites
c:\documents and settings\All Users\Dane aplikacji\SimilarSites\prefs.js
c:\documents and settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
c:\documents and settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1\supt4pc_pl_1\update.cyl
c:\program files\AP Suggestor
c:\program files\AP Suggestor\AddressBarInstance.dll
c:\program files\AP Suggestor\APSuggestor.crx
c:\program files\AP Suggestor\RestartIE.exe
c:\program files\AP Suggestor\SMBarBroker.exe
c:\program files\AP Suggestor\Uninstall.exe
c:\program files\Common Files\ApnStub.exe
c:\program files\Common Files\ApnToolbarInstaller.exe
c:\program files\Common Files\WinPcapNmap.exe
c:\winnt\Installer\{851F32D0-C376-773E-ED77-03CACD278FAC}
c:\winnt\system32\drivers\75a9b1f9d00a74c0.sys
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_75A9B1F9D00A74C0
-------\Service_75a9b1f9d00a74c0
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-28 do 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\winnt\system32\xircom
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\winnt\system32\wbem\snmp
2012-12-31 16:51 . 2012-12-31 16:51 -------- d-----w- c:\program files\microsoft frontpage
2012-12-31 15:34 . 2012-12-31 15:34 -------- d-----w- c:\winnt\ERUNT
2012-12-31 15:34 . 2012-12-31 15:34 -------- d-----w- C:\JRT
2012-12-31 15:01 . 2012-12-31 15:01 -------- d-----w- C:\_OTL
2012-12-27 21:01 . 2012-12-27 21:01 -------- d-----w- c:\documents and settings\UpdatusUser\Dane aplikacji\TuneUp Software
2012-12-27 20:56 . 2012-12-27 20:56 2176 ----a-w- C:\kopia rejj.reg
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\TuneUp Software
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2012-12-27 20:10 . 2012-12-27 20:10 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-24 12:27 . 2012-12-24 12:27 388096 ----a-r- c:\documents and settings\alex\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-24 12:27 . 2012-12-24 12:27 -------- d-----w- c:\program files\Trend Micro
2012-12-21 11:40 . 2012-12-21 11:40 26984 ----a-w- c:\winnt\system32\drivers\avgtpx86.sys
2012-12-14 22:17 . 2012-12-14 22:17 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\Gune
2012-12-07 20:37 . 2012-12-07 20:37 -------- d-----w- C:\Users
2012-12-07 10:54 . 2012-12-07 10:54 -------- d-----w- c:\program files\Common Files\Steam
2012-12-05 21:30 . 2012-12-05 21:30 -------- d-----w- c:\documents and settings\alex\Dane aplikacji\OpenOffice.org
2012-12-04 20:08 . 2012-12-04 20:08 -------- d-----w- c:\program files\ESET
2012-12-04 11:55 . 2012-12-04 16:18 -------- d-----w- c:\program files\SEGA
2012-12-03 13:03 . 2012-12-03 13:03 -------- d-----w- C:\Windows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 20:12 . 2009-10-24 14:32 466008 ----a-w- c:\winnt\system32\drivers\sptd.sys
2012-12-20 13:07 . 2009-12-01 13:49 138464 ----a-w- c:\winnt\system32\drivers\PnkBstrK.sys
2012-12-20 13:07 . 2009-12-01 13:49 111928 ----a-w- c:\winnt\system32\PnkBstrB.exe
2012-12-20 13:04 . 2009-10-24 11:44 16608 ----a-w- c:\winnt\gdrv.sys
2012-12-03 13:35 . 2009-12-01 18:54 22328 -c--a-w- c:\documents and settings\alex\Dane aplikacji\PnkBstrK.sys
2012-12-03 13:35 . 2012-09-22 08:49 682280 ------w- c:\winnt\system32\pbsvc.exe
2012-12-03 13:35 . 2009-12-01 13:48 66872 ------w- c:\winnt\system32\PnkBstrA.exe
2012-11-30 18:04 . 2012-11-30 18:04 507392 ------w- c:\winnt\system32\dxgi.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ------w- c:\winnt\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ------w- c:\winnt\system32\QuickTime.qts
2012-10-20 11:33 . 2012-10-20 11:33 6081842 ----a-w- C:\driver_fusion_1.2.0.exe
2012-10-20 09:50 . 2012-10-20 09:49 155576680 ----a-w- C:\306.81-desktop-winxp-32bit-international-whql.exe
2012-10-11 17:25 . 2012-10-11 17:25 696760 ------w- c:\winnt\system32\FlashPlayerApp.exe
2012-10-11 17:25 . 2011-08-29 22:22 73656 ------w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-10-10 19:20 . 2012-10-10 18:17 5328 ----a-w- C:\TABELICE.EXE
2012-12-04 16:06 . 2012-10-27 18:16 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\winnt\system32\drivers ----
.
2012-12-21 11:40 . 2012-12-21 11:40 26984 ----a-w- c:\winnt\system32\drivers\avgtpx86.sys
2012-10-20 12:47 . 2012-09-23 14:28 12557728 ------w- c:\winnt\system32\drivers\nv4_mini.sys
2011-07-28 12:03 . 2009-03-20 08:01 12160 ------w- c:\winnt\system32\drivers\ss_bcm.sys
2011-07-28 12:03 . 2009-03-20 08:01 12160 -c----w- c:\winnt\system32\drivers\ss_bcmnt.sys
2011-07-28 12:03 . 2009-03-20 08:01 14976 ------w- c:\winnt\system32\drivers\ss_bmdfl.sys
2011-07-28 12:03 . 2009-03-20 08:01 121856 ------w- c:\winnt\system32\drivers\ss_bmdm.sys
2011-07-28 12:03 . 2009-03-20 08:01 90112 ------w- c:\winnt\system32\drivers\ss_bbus.sys
2011-07-28 12:03 . 2009-03-20 08:01 12160 ------w- c:\winnt\system32\drivers\ss_bwh.sys
2011-07-28 12:03 . 2009-03-20 08:01 12160 -c----w- c:\winnt\system32\drivers\ss_bwhnt.sys
2011-02-19 14:23 . 2004-08-03 22:10 11136 -c----w- c:\winnt\system32\drivers\SLIP.sys
2011-01-15 16:20 . 2011-01-15 16:20 30208 ----a-w- c:\winnt\system32\drivers\VClone.sys
2010-12-30 19:47 . 2010-12-30 19:47 0 -c----w- c:\winnt\system32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-12-23 21:39 . 2010-06-17 13:27 28520 ------w- c:\winnt\system32\drivers\ssmdrv.sys
2010-12-23 21:39 . 2011-06-29 07:31 138192 ------w- c:\winnt\system32\drivers\avipbb.sys
2010-12-23 21:39 . 2010-06-17 13:27 22360 ------w- c:\winnt\system32\drivers\avgntmgr.sys
2010-12-23 21:39 . 2010-06-17 13:27 45416 ------w- c:\winnt\system32\drivers\avgntdd.sys
2010-12-19 11:45 . 2005-09-23 21:18 171520 ------w- c:\winnt\system32\drivers\MarvinBus.sys
2010-12-17 16:15 . 2004-08-03 21:58 5504 -c----w- c:\winnt\system32\drivers\MSTEE.sys
2010-12-17 16:15 . 2004-08-03 22:10 85376 -c----w- c:\winnt\system32\drivers\NABTSFEC.sys
2010-12-17 16:15 . 2004-08-03 22:10 17024 -c----w- c:\winnt\system32\drivers\CCDECODE.sys
2010-12-17 16:14 . 2004-08-03 22:10 51328 -c----w- c:\winnt\system32\drivers\msdv.sys
2010-12-17 16:14 . 2004-08-03 22:10 38912 -c----w- c:\winnt\system32\drivers\avc.sys
2010-12-17 16:14 . 2004-08-03 22:10 48128 -c----w- c:\winnt\system32\drivers\61883.sys
2010-11-14 13:01 . 2005-01-05 17:02 6912 -c----w- c:\winnt\system32\drivers\vulfnth.sys
2010-11-14 13:01 . 2005-06-06 16:51 11264 -c----w- c:\winnt\system32\drivers\vulfntr.sys
2010-11-11 11:27 . 2010-07-22 16:13 41912 -c----w- c:\winnt\system32\drivers\FSPFltd.sys
2010-08-14 20:58 . 2010-08-14 20:58 0 -c----w- c:\winnt\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
2010-05-24 13:50 . 2004-07-09 02:26 14976 -c----w- c:\winnt\system32\drivers\streamip.sys
2010-05-24 13:50 . 2004-07-09 02:26 18688 -c----w- c:\winnt\system32\drivers\wstcodec.sys
2010-05-24 13:50 . 2004-07-09 02:26 10112 -c----w- c:\winnt\system32\drivers\ndisip.sys
2010-05-24 13:50 . 2004-07-09 02:26 15104 -c----w- c:\winnt\system32\drivers\mpe.sys
2010-05-24 13:50 . 2004-07-09 02:26 11392 -c----w- c:\winnt\system32\drivers\bdasup.sys
2010-05-22 15:17 . 2009-05-18 11:17 26600 ------w- c:\winnt\system32\drivers\GEARAspiWDM.sys
2009-12-06 13:10 . 2008-06-14 17:36 273024 -c----w- c:\winnt\system32\drivers\bthport.sys
2009-12-01 13:49 . 2012-12-20 13:07 138464 ----a-w- c:\winnt\system32\drivers\PnkBstrK.sys
2009-11-21 20:39 . 2001-08-17 19:19 3712 ------w- c:\winnt\system32\drivers\ctljystk.sys
2009-11-21 20:39 . 2004-08-03 22:08 10624 ------w- c:\winnt\system32\drivers\gameenum.sys
2009-11-21 20:39 . 2001-08-17 19:19 36480 ------w- c:\winnt\system32\drivers\sfmanm.sys
2009-11-21 20:39 . 2001-08-17 19:19 283904 ------w- c:\winnt\system32\drivers\emu10k1m.sys
2009-11-21 20:39 . 2001-08-17 19:19 6912 ------w- c:\winnt\system32\drivers\ctlfacem.sys
2009-11-21 20:39 . 2001-07-22 01:49 2104298 ------w- c:\winnt\system32\drivers\2gmgsmt.sf2
2009-11-17 15:31 . 2009-04-28 20:20 9072 -c----w- c:\winnt\system32\drivers\cdr4_xp.sys
2009-11-17 15:31 . 2009-04-28 20:20 9200 -c----w- c:\winnt\system32\drivers\cdralw2k.sys
2009-11-17 15:31 . 2009-04-28 20:20 44944 ------w- c:\winnt\system32\drivers\PxHelp20.sys
2009-11-17 05:35 . 2004-08-03 22:01 25856 ------w- c:\winnt\system32\drivers\usbprint.sys
2009-10-24 14:32 . 2012-12-27 20:12 466008 ----a-w- c:\winnt\system32\drivers\sptd.sys
2009-10-24 13:29 . 2001-08-17 21:59 3072 ------w- c:\winnt\system32\drivers\audstub.sys
2009-10-24 13:28 . 2004-08-03 23:35 58624 ------w- c:\winnt\system32\drivers\redbook.sys
2009-10-24 13:28 . 2001-08-17 21:46 6400 -c----w- c:\winnt\system32\drivers\enum1394.sys
2009-10-24 13:26 . 2004-08-03 23:00 11264 -c----w- c:\winnt\system32\drivers\irenum.sys
2009-10-24 12:42 . 2004-08-03 23:38 14848 ------w- c:\winnt\system32\drivers\kbdhid.sys
2009-10-24 12:42 . 2001-08-17 20:02 9600 ------w- c:\winnt\system32\drivers\hidusb.sys
2009-10-24 12:42 . 2004-08-03 21:08 31616 ------w- c:\winnt\system32\drivers\usbccgp.sys
2009-10-24 12:28 . 2011-06-29 07:31 66616 ------w- c:\winnt\system32\drivers\avgntflt.sys
2009-10-24 11:51 . 2007-10-11 09:10 30008 ----a-w- c:\winnt\system32\drivers\ET5Drv.sys
2009-10-24 11:49 . 2008-01-03 14:10 105856 ------w- c:\winnt\system32\drivers\Rtenicxp.sys
2009-10-24 11:47 . 2004-08-03 21:07 6400 ------w- c:\winnt\system32\drivers\splitter.sys
2009-10-24 11:47 . 2004-08-03 21:15 82944 ------w- c:\winnt\system32\drivers\wdmaud.sys
2009-10-24 11:47 . 2004-08-03 21:07 52864 ------w- c:\winnt\system32\drivers\DMusic.sys
2009-10-24 11:47 . 2001-08-17 20:00 54272 ------w- c:\winnt\system32\drivers\swmidi.sys
2009-10-24 11:47 . 2004-08-03 20:39 142464 ------w- c:\winnt\system32\drivers\aec.sys
2009-10-24 11:47 . 2004-08-03 21:07 171776 ------w- c:\winnt\system32\drivers\kmixer.sys
2009-10-24 11:47 . 2004-08-03 21:07 2944 ------w- c:\winnt\system32\drivers\drmkaud.sys
2009-10-24 11:47 . 2004-08-03 21:15 60800 ------w- c:\winnt\system32\drivers\sysaudio.sys
2009-10-24 11:47 . 2004-08-03 20:58 7552 -c----w- c:\winnt\system32\drivers\MSKSSRV.sys
2009-10-24 11:47 . 2004-08-03 20:58 4992 -c----w- c:\winnt\system32\drivers\MSPQM.sys
2009-10-24 11:47 . 2004-08-03 20:58 5376 -c----w- c:\winnt\system32\drivers\MSPCLOCK.sys
2009-10-24 11:47 . 2004-08-03 22:08 60288 ------w- c:\winnt\system32\drivers\drmk.sys
2009-10-24 11:47 . 2008-02-14 09:04 4676096 ------w- c:\winnt\system32\drivers\RtkHDAud.sys
2009-10-24 11:36 . 2004-08-03 23:01 124800 ------w- c:\winnt\system32\drivers\fltMgr.sys
2009-10-24 11:36 . 2004-08-04 00:39 73472 ------w- c:\winnt\system32\drivers\sr.sys
2009-10-24 11:34 . 2004-08-04 00:44 21896 -c----w- c:\winnt\system32\drivers\tdtcp.sys
2009-10-24 11:34 . 2004-08-04 00:44 12040 -c----w- c:\winnt\system32\drivers\tdpipe.sys
2009-10-24 11:34 . 2006-05-13 14:23 139528 -c----w- c:\winnt\system32\drivers\rdpwd.sys
2009-10-24 11:34 . 2004-08-03 22:44 40840 ------w- c:\winnt\system32\drivers\termdd.sys
2009-10-24 11:34 . 2004-08-03 21:01 196864 ------w- c:\winnt\system32\drivers\rdpdr.sys
2009-03-18 15:35 . 2009-03-18 15:35 26176 ------w- c:\winnt\system32\drivers\hamachi.sys
2007-10-25 15:26 . 2009-11-12 13:48 5504 ------w- c:\winnt\system32\drivers\StarOpen.sys
2006-10-18 19:47 . 2006-10-18 19:47 671232 -c----w- c:\winnt\system32\drivers\UMDF\wpdmtpdr.dll
2006-09-28 17:00 . 2006-09-28 17:00 82944 -c----w- c:\winnt\system32\drivers\WudfRd.sys
2006-09-28 16:55 . 2006-09-28 16:55 77568 ------w- c:\winnt\system32\drivers\WudfPf.sys
2006-05-13 14:28 . 2008-06-20 11:51 361600 ------w- c:\winnt\system32\drivers\tcpip.sys
2006-05-13 14:22 . 2009-12-31 16:50 353792 ------w- c:\winnt\system32\drivers\srv.sys
2006-05-13 14:21 . 2006-05-13 14:21 262272 ------w- c:\winnt\system32\drivers\http.sys
2006-05-13 14:20 . 2006-05-13 14:20 134912 ------w- c:\winnt\system32\drivers\ipnat.sys
2006-05-13 14:20 . 2006-05-13 14:20 174592 ------w- c:\winnt\system32\drivers\rdbss.sys
2006-05-13 14:20 . 2006-05-13 14:20 209280 ------w- c:\winnt\system32\drivers\update.sys
2006-05-13 14:20 . 2010-02-24 13:11 455680 ------w- c:\winnt\system32\drivers\mrxsmb.sys
2005-01-28 12:44 . 2006-10-18 18:00 38528 -c----w- c:\winnt\system32\drivers\wpdusb.sys
2005-01-07 15:07 . 2005-01-07 15:07 138752 ------w- c:\winnt\system32\drivers\Hdaudbus.sys
2005-01-07 15:07 . 2005-01-07 15:07 145920 -c----w- c:\winnt\system32\drivers\Hdaudio.sys
2004-08-04 00:38 . 2004-08-04 00:38 153856 ------w- c:\winnt\system32\drivers\dmio.sys
2004-08-04 00:38 . 2004-08-04 00:38 800000 -c----w- c:\winnt\system32\drivers\dmboot.sys
2004-08-04 00:38 . 2004-08-03 23:38 24960 ------w- c:\winnt\system32\drivers\kbdclass.sys
2004-08-04 00:37 . 2006-05-13 15:04 40704 -c----w- c:\winnt\system32\drivers\crusoe.sys
2004-08-04 00:37 . 2004-08-04 00:37 40320 ------w- c:\winnt\system32\drivers\intelppm.sys
2004-08-04 00:36 . 2004-08-04 00:36 52864 ------w- c:\winnt\system32\drivers\volsnap.sys
2004-08-04 00:36 . 2004-08-04 00:36 65664 ------w- c:\winnt\system32\drivers\serial.sys
2004-08-04 00:36 . 2004-08-04 00:36 53504 ------w- c:\winnt\system32\drivers\i8042prt.sys
2004-08-04 00:34 . 2006-05-13 15:04 39552 -c----w- c:\winnt\system32\drivers\processr.sys
2004-08-04 00:34 . 2006-05-13 15:04 41088 -c----w- c:\winnt\system32\drivers\amdk6.sys
2004-08-04 00:34 . 2006-05-13 15:04 41472 -c----w- c:\winnt\system32\drivers\amdk7.sys
2004-08-04 00:34 . 2006-05-13 15:04 23296 ------w- c:\winnt\system32\drivers\mouclass.sys
2004-08-04 00:34 . 2006-05-13 15:04 30208 ------w- c:\winnt\system32\drivers\modem.sys
2004-08-04 00:34 . 2004-08-04 00:34 120064 -c----w- c:\winnt\system32\drivers\pcmcia.sys
2004-08-04 00:34 . 2004-08-03 22:34 68608 ------w- c:\winnt\system32\drivers\pci.sys
2004-08-04 00:34 . 2004-08-04 00:34 188672 ------w- c:\winnt\system32\drivers\acpi.sys
2004-08-04 00:34 . 2006-05-13 15:04 80256 ------w- c:\winnt\system32\drivers\parport.sys
2004-08-04 00:34 . 2006-05-13 15:04 46592 -c----w- c:\winnt\system32\drivers\p3.sys
2004-08-03 23:15 . 2004-08-03 22:15 140928 ------w- c:\winnt\system32\drivers\ks.sys
2004-08-03 23:15 . 2004-08-03 23:15 107904 ------w- c:\winnt\system32\drivers\mup.sys
2004-08-03 23:15 . 2004-08-03 23:15 574592 ------w- c:\winnt\system32\drivers\ntfs.sys
2004-08-03 23:14 . 2004-08-03 23:14 162816 ------w- c:\winnt\system32\drivers\netbt.sys
2004-08-03 23:14 . 2004-08-03 23:14 91776 ------w- c:\winnt\system32\drivers\ndiswan.sys
2004-08-03 23:14 . 2004-08-03 23:14 74752 ------w- c:\winnt\system32\drivers\ipsec.sys
2004-08-03 23:14 . 2004-08-03 23:14 182912 ------w- c:\winnt\system32\drivers\ndis.sys
2004-08-03 23:14 . 2004-08-03 23:14 49664 ------w- c:\winnt\system32\drivers\classpnp.sys
2004-08-03 23:14 . 2004-08-03 23:14 48384 ------w- c:\winnt\system32\drivers\raspptp.sys
2004-08-03 23:14 . 2004-08-03 23:14 51328 ------w- c:\winnt\system32\drivers\rasl2tp.sys
2004-08-03 23:14 . 2004-08-03 23:14 143360 ------w- c:\winnt\system32\drivers\fastfat.sys
2004-08-03 23:14 . 2008-08-14 10:04 138496 ------w- c:\winnt\system32\drivers\afd.sys
2004-08-03 23:14 . 2004-08-03 23:14 63744 ------w- c:\winnt\system32\drivers\cdfs.sys
2004-08-03 23:10 . 2004-08-03 23:10 61056 ------w- c:\winnt\system32\drivers\ohci1394.sys
2004-08-03 23:10 . 2004-08-03 23:10 53248 ------w- c:\winnt\system32\drivers\1394bus.sys
2004-08-03 23:09 . 2006-05-13 15:04 25472 -c----w- c:\winnt\system32\drivers\sonydcam.sys
2004-08-03 23:08 . 2006-05-13 15:04 16000 -c----w- c:\winnt\system32\drivers\usbintel.sys
2004-08-03 23:08 . 2004-08-03 21:08 26496 ------w- c:\winnt\system32\drivers\USBSTOR.SYS
2004-08-03 23:08 . 2004-08-03 21:08 57600 ------w- c:\winnt\system32\drivers\usbhub.sys
2004-08-03 23:08 . 2004-08-03 21:08 142976 ------w- c:\winnt\system32\drivers\usbport.sys
2004-08-03 23:08 . 2004-08-03 21:08 26624 ------w- c:\winnt\system32\drivers\usbehci.sys
2004-08-03 23:08 . 2004-08-03 21:08 20480 ------w- c:\winnt\system32\drivers\usbuhci.sys
2004-08-03 23:08 . 2004-08-03 21:08 36224 ------w- c:\winnt\system32\drivers\hidclass.sys
2004-08-03 23:08 . 2004-08-03 21:08 24960 ------w- c:\winnt\system32\drivers\hidparse.sys
2004-08-03 23:08 . 2004-08-03 22:08 48640 -c----w- c:\winnt\system32\drivers\stream.sys
2004-08-03 23:07 . 2004-08-03 23:07 18560 ------w- c:\winnt\system32\drivers\tdi.sys
2004-08-03 23:07 . 2006-05-13 15:04 15488 ------w- c:\winnt\system32\drivers\mssmbios.sys
2004-08-03 23:07 . 2004-08-03 23:07 67584 -c----w- c:\winnt\system32\drivers\sdbus.sys
2004-08-03 23:07 . 2006-05-13 15:04 63744 -c----w- c:\winnt\system32\drivers\mf.sys
2004-08-03 23:07 . 2010-02-11 12:02 226880 -c----w- c:\winnt\system32\drivers\tcpip6.sys
2004-08-03 23:07 . 2004-08-03 23:07 20992 ------w- c:\winnt\system32\drivers\vga.sys
2004-08-03 23:07 . 2004-08-03 23:07 79744 ------w- c:\winnt\system32\drivers\videoprt.sys
2004-08-03 23:05 . 2004-08-03 23:05 41472 ------w- c:\winnt\system32\drivers\raspppoe.sys
2004-08-03 23:05 . 2004-08-03 23:05 14336 ------w- c:\winnt\system32\drivers\asyncmac.sys
2004-08-03 23:04 . 2004-08-03 23:04 34560 ------w- c:\winnt\system32\drivers\wanarp.sys
2004-08-03 23:04 . 2004-08-03 23:04 20992 -c----w- c:\winnt\system32\drivers\ipinip.sys
2004-08-03 23:04 . 2004-08-03 23:04 12672 -c----w- c:\winnt\system32\drivers\usb8023.sys
2004-08-03 23:04 . 2004-08-03 23:04 30080 -c----w- c:\winnt\system32\drivers\rndismp.sys
2004-08-03 23:04 . 2004-08-03 23:04 69120 ------w- c:\winnt\system32\drivers\psched.sys
2004-08-03 23:04 . 2004-08-03 23:04 35072 ------w- c:\winnt\system32\drivers\msgpc.sys
2004-08-03 23:03 . 2004-08-03 23:03 88448 ------w- c:\winnt\system32\drivers\nwlnkipx.sys
2004-08-03 23:03 . 2004-08-03 23:03 34560 ------w- c:\winnt\system32\drivers\netbios.sys
2004-08-03 23:03 . 2006-05-13 15:04 12416 -c----w- c:\winnt\system32\drivers\tunmp.sys
2004-08-03 23:03 . 2006-05-13 15:04 12928 ------w- c:\winnt\system32\drivers\ndisuio.sys
2004-08-03 23:02 . 2004-08-03 23:02 163584 ------w- c:\winnt\system32\drivers\nwrdr.sys
2004-08-03 23:00 . 2004-08-03 23:00 181248 ------w- c:\winnt\system32\drivers\mrxdav.sys
2004-08-03 23:00 . 2004-08-03 23:00 71040 ------w- c:\winnt\system32\drivers\dxg.sys
2004-08-03 23:00 . 2004-08-03 23:00 30848 ------w- c:\winnt\system32\drivers\npfs.sys
2004-08-03 23:00 . 2004-08-03 23:00 19072 ------w- c:\winnt\system32\drivers\msfs.sys
2004-08-03 23:00 . 2004-08-03 23:00 66176 ------w- c:\winnt\system32\drivers\udfs.sys
2004-08-03 23:00 . 2004-08-03 22:00 41856 ------w- c:\winnt\system32\drivers\imapi.sys
2004-08-03 23:00 . 2004-08-03 23:00 29056 -c----w- c:\winnt\system32\drivers\ip6fw.sys
2004-08-03 23:00 . 2004-08-03 23:00 14976 -c----w- c:\winnt\system32\drivers\tape.sys
2004-08-03 22:59 . 2004-08-03 22:59 71552 -c----w- c:\winnt\system32\drivers\bridge.sys
2004-08-03 22:59 . 2004-08-03 20:59 36352 ------w- c:\winnt\system32\drivers\disk.sys
2004-08-03 22:59 . 2004-08-03 22:59 11136 -c----w- c:\winnt\system32\drivers\sffdisk.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\MagicDisc.lnk
backup=c:\winnt\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\runctf.lnk
backup=c:\winnt\pss\runctf.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\alex\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\winnt\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\winnt\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-23 23:23 1432064 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2011-07-28 12:12 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:44 15360 ------w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45 13374048 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 09:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-15 12:56 18633728 ----a-w- c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 15:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22 421160 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVONA ControlCenter]
2011-02-11 12:52 1659768 ----a-w- c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-09-23 13:04 15512424 ------w- c:\winnt\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-09-23 13:04 108392 ------w- c:\winnt\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-09-23 14:28 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2009-11-14 04:30 70144 ------w- c:\winnt\system32\mmrtkrnl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\winnt\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-07 10:54 1354736 ----a-w- d:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winmgmt"=2 (0x2)
"vToolbarUpdater13.3.2"=2 (0x2)
"syshost32"=2 (0x2)
"PC Performer Manager"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"wlidsvc"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PnkBstrA"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NwSapAgent"=2 (0x2)
"NWCWorkstation"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMSAccess"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LmHosts"=2 (0x2)
"LexBceS"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GEST Service"=3 (0x3)
"FsUsbExService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 FsUsbExDisk;FsUsbExDisk;c:\winnt\system32\FsUsbExDisk.SYS [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\winnt\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\winnt\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\winnt\system32\DRIVERS\ss_bmdm.sys [x]
R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R4 FsUsbExService;FsUsbExService;c:\winnt\system32\FsUsbExService.Exe [x]
R4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R4 sptd;sptd;c:\winnt\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\winnt\system32\drivers\avgtpx86.sys [x]
.
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} -
FF - ProfilePath - c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\
FF - ExtSQL: 2012-11-28 15:41; {E71B541F-5E72-5555-A47C-E47863195841}; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
FF - ExtSQL: 2012-12-03 14:17; 50bca68325817@50bca68325850.com; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\50bca68325817@50bca68325850.com
FF - ExtSQL: 2012-12-03 14:19; 50bca6e119380@50bca6e1193b9.com; c:\documents and settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\50bca6e119380@50bca6e1193b9.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Efruqynya - c:\documents and settings\alex\Dane aplikacji\Lepayg\izasz.exe
AddRemove-AP Suggestor - c:\program files\AP Suggestor\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 18:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f1,c6,38,c8,ae,ce,f6,ec,13,c1,67,c8,73,8c,05,8a,7d,a3,84,b1,6e,
05,52,71,e1,12,13,90,15,e3,85,4a,db,f6,33,f6,b4,23,c2,ad,66,86,63,dd,82,75,\
"rkeysecu"=hex:81,f1,c7,47,73,db,0b,ae,dd,fc,c8,55,8c,3f,4d,20
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1680)
c:\winnt\system32\msi.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2012-12-31 18:33:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-12-31 17:33
ComboFix2.txt 2012-12-31 16:56
.
Przed: 18 494 377 984 bajtów wolnych
Po: 18 475 565 056 bajtów wolnych
.
- - End Of File - - FB1A6997F65C9C43F5B9E2A23072F71C
[/log]

TDSSKiller
[log]18:35:34.0296 1712 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:35:34.0328 1712 ============================================================
18:35:34.0328 1712 Current date / time: 2012/12/31 18:35:34.0328
18:35:34.0328 1712 SystemInfo:
18:35:34.0328 1712
18:35:34.0328 1712 OS Version: 5.1.2600 ServicePack: 3.0
18:35:34.0328 1712 Product type: Workstation
18:35:34.0328 1712 ComputerName: ALEX
18:35:34.0328 1712 UserName: alex
18:35:34.0328 1712 Windows directory: C:\WINNT
18:35:34.0328 1712 System windows directory: C:\WINNT
18:35:34.0328 1712 Processor architecture: Intel x86
18:35:34.0328 1712 Number of processors: 2
18:35:34.0328 1712 Page size: 0x1000
18:35:34.0328 1712 Boot type: Normal boot
18:35:34.0328 1712 ============================================================
18:35:35.0328 1712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:35:35.0328 1712 Drive \Device\Harddisk1\DR4 - Size: 0x3A8C00000 (14.64 Gb), SectorSize: 0x200, Cylinders: 0x776, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:35:35.0328 1712 Drive \Device\Harddisk2\DR6 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:35:35.0343 1712 ============================================================
18:35:35.0343 1712 \Device\Harddisk0\DR0:
18:35:35.0343 1712 MBR partitions:
18:35:35.0343 1712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
18:35:35.0359 1712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xEA60903
18:35:35.0375 1712 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14C082E7, BlocksNum 0x10821519
18:35:35.0375 1712 \Device\Harddisk1\DR4:
18:35:35.0375 1712 MBR partitions:
18:35:35.0375 1712 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D45FC1
18:35:35.0375 1712 \Device\Harddisk2\DR6:
18:35:35.0375 1712 MBR partitions:
18:35:35.0375 1712 \Device\Harddisk2\DR6\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
18:35:35.0375 1712 ============================================================
18:35:35.0406 1712 C: <-> \Device\Harddisk0\DR0\Partition1
18:35:35.0531 1712 D: <-> \Device\Harddisk0\DR0\Partition2
18:35:35.0656 1712 E: <-> \Device\Harddisk0\DR0\Partition3
18:35:35.0656 1712 ============================================================
18:35:35.0656 1712 Initialize success
18:35:35.0656 1712 ============================================================
18:35:42.0812 0456 ============================================================
18:35:42.0812 0456 Scan started
18:35:42.0812 0456 Mode: Manual;
18:35:42.0812 0456 ============================================================
18:35:43.0062 0456 ================ Scan system memory ========================
18:35:43.0062 0456 System memory - ok
18:35:43.0062 0456 ================ Scan services =============================
18:35:43.0171 0456 [ 86D7B1E70661D754685B9AC6D749AAE5 ] 61883 C:\WINNT\system32\DRIVERS\61883.sys
18:35:43.0171 0456 61883 - ok
18:35:43.0171 0456 Abiosdsk - ok
18:35:43.0171 0456 abp480n5 - ok
18:35:43.0187 0456 [ A966410ECF83B81F3B0B8E07A71957D4 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys
18:35:43.0203 0456 ACPI - ok
18:35:43.0218 0456 [ 66A42B7DB194E24B973BBCCE840A0F3F ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys
18:35:43.0218 0456 ACPIEC - ok
18:35:43.0218 0456 adpu160m - ok
18:35:43.0250 0456 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINNT\system32\drivers\aec.sys
18:35:43.0250 0456 aec - ok
18:35:43.0281 0456 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINNT\System32\drivers\afd.sys
18:35:43.0281 0456 AFD - ok
18:35:43.0296 0456 Aha154x - ok
18:35:43.0296 0456 aic78u2 - ok
18:35:43.0296 0456 aic78xx - ok
18:35:43.0312 0456 [ F79B5C5B0A77A134C5671992335D1409 ] Alerter C:\WINNT\system32\alrsvc.dll
18:35:43.0312 0456 Alerter - ok
18:35:43.0328 0456 [ 9D12991BC6B6C5C0FBAB4C06E7073DF1 ] ALG C:\WINNT\System32\alg.exe
18:35:43.0328 0456 ALG - ok
18:35:43.0328 0456 AliIde - ok
18:35:43.0328 0456 amsint - ok
18:35:43.0390 0456 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:35:43.0390 0456 AntiVirSchedulerService - ok
18:35:43.0406 0456 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:35:43.0406 0456 AntiVirService - ok
18:35:43.0421 0456 [ 8D60B308D061DA209CC271D9B480468C ] AppMgmt C:\WINNT\System32\appmgmts.dll
18:35:43.0437 0456 AppMgmt - ok
18:35:43.0453 0456 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINNT\system32\DRIVERS\arp1394.sys
18:35:43.0453 0456 Arp1394 - ok
18:35:43.0453 0456 asc - ok
18:35:43.0453 0456 asc3350p - ok
18:35:43.0468 0456 asc3550 - ok
18:35:43.0546 0456 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:35:43.0546 0456 aspnet_state - ok
18:35:43.0562 0456 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys
18:35:43.0562 0456 AsyncMac - ok
18:35:43.0593 0456 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys
18:35:43.0593 0456 atapi - ok
18:35:43.0593 0456 Atdisk - ok
18:35:43.0625 0456 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys
18:35:43.0625 0456 Atmarpc - ok
18:35:43.0640 0456 [ 18BFF5EBA35F2562C5AA03EB9C6BA29E ] AudioSrv C:\WINNT\System32\audiosrv.dll
18:35:43.0640 0456 AudioSrv - ok
18:35:43.0671 0456 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys
18:35:43.0671 0456 audstub - ok
18:35:43.0703 0456 [ 87C223ADB8F7596B31CAAE3C67B16DDD ] Avc C:\WINNT\system32\DRIVERS\avc.sys
18:35:43.0703 0456 Avc - ok
18:35:43.0718 0456 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:35:43.0718 0456 avgio - ok
18:35:43.0750 0456 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINNT\system32\DRIVERS\avgntflt.sys
18:35:43.0750 0456 avgntflt - ok
18:35:43.0781 0456 [ C6B83088D7EE2D3212AF7F2515E17725 ] avgtp C:\WINNT\system32\drivers\avgtpx86.sys
18:35:43.0781 0456 avgtp - ok
18:35:43.0796 0456 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINNT\system32\DRIVERS\avipbb.sys
18:35:43.0796 0456 avipbb - ok
18:35:43.0812 0456 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys
18:35:43.0812 0456 Beep - ok
18:35:43.0843 0456 [ A6BFD910074B02C8794FC65F39CC6B28 ] BITS C:\WINNT\system32\qmgr.dll
18:35:43.0859 0456 BITS - ok
18:35:43.0859 0456 [ 210830D2497FEF78694076179AF8C795 ] Browser C:\WINNT\System32\browser.dll
18:35:43.0859 0456 Browser - ok
18:35:43.0875 0456 catchme - ok
18:35:43.0890 0456 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys
18:35:43.0890 0456 cbidf2k - ok
18:35:43.0906 0456 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINNT\system32\DRIVERS\CCDECODE.sys
18:35:43.0906 0456 CCDECODE - ok
18:35:43.0906 0456 cd20xrnt - ok
18:35:43.0921 0456 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys
18:35:43.0921 0456 Cdaudio - ok
18:35:43.0937 0456 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys
18:35:43.0937 0456 Cdfs - ok
18:35:43.0968 0456 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys
18:35:43.0968 0456 Cdrom - ok
18:35:43.0968 0456 Changer - ok
18:35:43.0984 0456 [ B4E0A9B9064AA79AE188C0D953543520 ] CiSvc C:\WINNT\system32\cisvc.exe
18:35:43.0984 0456 CiSvc - ok
18:35:44.0015 0456 [ 1B11121083C32EA9A55ABE547A23FF71 ] ClipSrv C:\WINNT\system32\clipsrv.exe
18:35:44.0015 0456 ClipSrv - ok
18:35:44.0046 0456 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:35:44.0046 0456 clr_optimization_v2.0.50727_32 - ok
18:35:44.0078 0456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:35:44.0078 0456 clr_optimization_v4.0.30319_32 - ok
18:35:44.0078 0456 CmdIde - ok
18:35:44.0093 0456 COMSysApp - ok
18:35:44.0093 0456 Cpqarray - ok
18:35:44.0109 0456 [ 91723CD7C96C5854149F9CAE820A90DD ] CryptSvc C:\WINNT\System32\cryptsvc.dll
18:35:44.0109 0456 CryptSvc - ok
18:35:44.0140 0456 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINNT\system32\DRIVERS\ctljystk.sys
18:35:44.0140 0456 ctljystk - ok
18:35:44.0156 0456 dac2w2k - ok
18:35:44.0156 0456 dac960nt - ok
18:35:44.0203 0456 [ A37311D9D628C1042A2836731787F0F3 ] DcomLaunch C:\WINNT\system32\rpcss.dll
18:35:44.0203 0456 DcomLaunch - ok
18:35:44.0234 0456 [ 94B49F2D487A7D4A79B3E96B6D5685B0 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll
18:35:44.0234 0456 Dhcp - ok
18:35:44.0265 0456 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINNT\system32\DRIVERS\disk.sys
18:35:44.0265 0456 Disk - ok
18:35:44.0265 0456 dmadmin - ok
18:35:44.0296 0456 [ 3B809FFAD55DCEBDB156D5CA1BD3DA65 ] dmboot C:\WINNT\system32\drivers\dmboot.sys
18:35:44.0312 0456 dmboot - ok
18:35:44.0328 0456 [ 27725B6501201C3080BA73048BCE389A ] dmio C:\WINNT\system32\drivers\dmio.sys
18:35:44.0343 0456 dmio - ok
18:35:44.0359 0456 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys
18:35:44.0359 0456 dmload - ok
18:35:44.0375 0456 [ 4ADBB7593EC0115F7622C335B427C3DA ] dmserver C:\WINNT\System32\dmserver.dll
18:35:44.0375 0456 dmserver - ok
18:35:44.0390 0456 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINNT\system32\drivers\DMusic.sys
18:35:44.0390 0456 DMusic - ok
18:35:44.0406 0456 [ F61C204EBCAA1D6B5FB5DFE7034741F3 ] Dnscache C:\WINNT\System32\dnsrslvr.dll
18:35:44.0406 0456 Dnscache - ok
18:35:44.0406 0456 dpti2o - ok
18:35:44.0421 0456 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys
18:35:44.0421 0456 drmkaud - ok
18:35:44.0453 0456 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINNT\system32\drivers\emu10k1m.sys
18:35:44.0453 0456 emu10k - ok
18:35:44.0453 0456 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINNT\system32\drivers\ctlfacem.sys
18:35:44.0453 0456 emu10k1 - ok
18:35:44.0484 0456 [ EFD32591F9E29C00A5814DF3F6D46683 ] ERSvc C:\WINNT\System32\ersvc.dll
18:35:44.0484 0456 ERSvc - ok
18:35:44.0500 0456 [ E5030E34DE21A6818E8586BFB7DD4B60 ] ET5Drv C:\WINNT\system32\Drivers\ET5Drv.sys
18:35:44.0500 0456 ET5Drv - ok
18:35:44.0531 0456 [ 02A467E27AF55F7064C5B251E587315F ] Eventlog C:\WINNT\system32\services.exe
18:35:44.0531 0456 Eventlog - ok
18:35:44.0562 0456 [ 6AFF804839C85859E0247164FBE5F5BB ] EventSystem C:\WINNT\system32\es.dll
18:35:44.0562 0456 EventSystem - ok
18:35:44.0578 0456 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys
18:35:44.0578 0456 Fastfat - ok
18:35:44.0609 0456 [ 7C8E934687C496EDC69FDBBD2C277E63 ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll
18:35:44.0609 0456 FastUserSwitchingCompatibility - ok
18:35:44.0625 0456 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINNT\system32\drivers\Fdc.sys
18:35:44.0625 0456 Fdc - ok
18:35:44.0640 0456 [ C5FB298257C0A6514EA17835E774EA0A ] Fips C:\WINNT\system32\drivers\Fips.sys
18:35:44.0656 0456 Fips - ok
18:35:44.0718 0456 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:35:44.0750 0456 FLEXnet Licensing Service - ok
18:35:44.0765 0456 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINNT\system32\drivers\Flpydisk.sys
18:35:44.0765 0456 Flpydisk - ok
18:35:44.0781 0456 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINNT\system32\DRIVERS\fltMgr.sys
18:35:44.0781 0456 FltMgr - ok
18:35:44.0828 0456 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:35:44.0828 0456 FontCache3.0.0.0 - ok
18:35:44.0843 0456 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINNT\system32\FsUsbExDisk.SYS
18:35:44.0843 0456 FsUsbExDisk - ok
18:35:44.0875 0456 [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService C:\WINNT\system32\FsUsbExService.Exe
18:35:44.0875 0456 FsUsbExService - ok
18:35:44.0906 0456 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys
18:35:44.0906 0456 Fs_Rec - ok
18:35:44.0906 0456 [ ED6D921D8AB423138FB35BEEE6D6A6CB ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys
18:35:44.0906 0456 Ftdisk - ok
18:35:44.0937 0456 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINNT\system32\DRIVERS\gameenum.sys
18:35:44.0937 0456 gameenum - ok
18:35:44.0968 0456 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\WINNT\gdrv.sys
18:35:44.0968 0456 gdrv - ok
18:35:44.0984 0456 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys
18:35:45.0000 0456 GEARAspiWDM - ok
18:35:45.0015 0456 [ A73082BAB773171B34D656609C6D5854 ] GEST Service C:\Program Files\GIGABYTE\GEST\GSvr.exe
18:35:45.0015 0456 GEST Service - ok
18:35:45.0031 0456 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys
18:35:45.0031 0456 Gpc - ok
18:35:45.0046 0456 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:35:45.0046 0456 gupdate - ok
18:35:45.0062 0456 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:35:45.0062 0456 gupdatem - ok
18:35:45.0078 0456 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINNT\system32\DRIVERS\hamachi.sys
18:35:45.0078 0456 hamachi - ok
18:35:45.0203 0456 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:35:45.0234 0456 Hamachi2Svc - ok
18:35:45.0265 0456 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINNT\system32\DRIVERS\HDAudBus.sys
18:35:45.0265 0456 HDAudBus - ok
18:35:45.0312 0456 [ E1552A082E8C0FBB70B758F170B3AFF8 ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:35:45.0312 0456 helpsvc - ok
18:35:45.0328 0456 [ 7D00FEC9B6DE9776B3D0EAD70BD71968 ] HidServ C:\WINNT\System32\hidserv.dll
18:35:45.0328 0456 HidServ - ok
18:35:45.0359 0456 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINNT\system32\DRIVERS\hidusb.sys
18:35:45.0359 0456 HidUsb - ok
18:35:45.0359 0456 hpn - ok
18:35:45.0375 0456 [ 3247A2DB333D1521680E6864A8295A47 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys
18:35:45.0390 0456 HTTP - ok
18:35:45.0406 0456 [ 2D303CAF3C6DCFB246E74550DBED5880 ] HTTPFilter C:\WINNT\System32\w3ssl.dll
18:35:45.0406 0456 HTTPFilter - ok
18:35:45.0406 0456 i2omgmt - ok
18:35:45.0406 0456 i2omp - ok
18:35:45.0421 0456 [ 2656FDFE0A7916C3A16F374454C55DD9 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys
18:35:45.0421 0456 i8042prt - ok
18:35:45.0484 0456 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:35:45.0484 0456 IDriverT - ok
18:35:45.0546 0456 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:35:45.0578 0456 idsvc - ok
18:35:45.0593 0456 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys
18:35:45.0593 0456 Imapi - ok
18:35:45.0609 0456 [ BC74431E59FB0BADF3E9162BD8D37B00 ] ImapiService C:\WINNT\system32\imapi.exe
18:35:45.0609 0456 ImapiService - ok
18:35:45.0625 0456 ini910u - ok
18:35:45.0734 0456 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\WINNT\system32\drivers\RtkHDAud.sys
18:35:45.0765 0456 IntcAzAudAddService - ok
18:35:45.0781 0456 IntelIde - ok
18:35:45.0781 0456 [ 78A353438791C6D04C64013A5ABEC6BD ] intelppm C:\WINNT\system32\DRIVERS\intelppm.sys
18:35:45.0781 0456 intelppm - ok
18:35:45.0796 0456 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINNT\system32\DRIVERS\Ip6Fw.sys
18:35:45.0796 0456 Ip6Fw - ok
18:35:45.0828 0456 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys
18:35:45.0828 0456 IpFilterDriver - ok
18:35:45.0843 0456 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys
18:35:45.0843 0456 IpInIp - ok
18:35:45.0859 0456 [ 5191673215C91FF13CEAA83EF8E9653F ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys
18:35:45.0859 0456 IpNat - ok
18:35:45.0890 0456 [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:35:45.0906 0456 iPod Service - ok
18:35:45.0937 0456 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINNT\system32\DRIVERS\ipsec.sys
18:35:45.0937 0456 IPSec - ok
18:35:45.0953 0456 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys
18:35:45.0953 0456 IRENUM - ok
18:35:45.0984 0456 [ 01A9E68528F4F34E5702123D27C67BD4 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys
18:35:45.0984 0456 isapnp - ok
18:35:46.0015 0456 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:35:46.0015 0456 JavaQuickStarterService - ok
18:35:46.0062 0456 [ CC13DB862F929AE33F64C3BEDC01CD31 ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys
18:35:46.0062 0456 Kbdclass - ok
18:35:46.0062 0456 [ 831BE9197BDACE6BDCAC1BFDBE1C380F ] kbdhid C:\WINNT\system32\DRIVERS\kbdhid.sys
18:35:46.0062 0456 kbdhid - ok
18:35:46.0078 0456 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINNT\system32\drivers\kmixer.sys
18:35:46.0078 0456 kmixer - ok
18:35:46.0109 0456 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys
18:35:46.0109 0456 KSecDD - ok
18:35:46.0125 0456 [ F98E33348DEE5E8313712B4C847CAB2A ] lanmanserver C:\WINNT\System32\srvsvc.dll
18:35:46.0125 0456 lanmanserver - ok
18:35:46.0156 0456 [ FA17019DA45C5D6464776A639A5A9ABB ] lanmanworkstation C:\WINNT\System32\wkssvc.dll
18:35:46.0156 0456 lanmanworkstation - ok
18:35:46.0156 0456 lbrtfdc - ok
18:35:46.0218 0456 [ A1043645D16915DF12A6F2E049922A18 ] LexBceS C:\WINNT\system32\LEXBCES.EXE
18:35:46.0218 0456 LexBceS - ok
18:35:46.0234 0456 [ 94136B41F35666254DE29006DCCC30FC ] LmHosts C:\WINNT\System32\lmhsvc.dll
18:35:46.0234 0456 LmHosts - ok
18:35:46.0250 0456 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINNT\system32\DRIVERS\MarvinBus.sys
18:35:46.0250 0456 MarvinBus - ok
18:35:46.0265 0456 [ 1D0EBF9EDAE8A61CBF56ED1FF8489FAC ] Messenger C:\WINNT\System32\msgsvc.dll
18:35:46.0265 0456 Messenger - ok
18:35:46.0312 0456 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:35:46.0312 0456 Microsoft Office Groove Audit Service - ok
18:35:46.0328 0456 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys
18:35:46.0343 0456 mnmdd - ok
18:35:46.0359 0456 [ DB082AAFD0859E28744E6629B64E0A91 ] mnmsrvc C:\WINNT\system32\mnmsrvc.exe
18:35:46.0359 0456 mnmsrvc - ok
18:35:46.0375 0456 [ 15F33D12D604D0198CE5561F102CD9C5 ] Modem C:\WINNT\system32\drivers\Modem.sys
18:35:46.0375 0456 Modem - ok
18:35:46.0406 0456 [ 69C12B99AE8B6B99EC314E9B99833728 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys
18:35:46.0406 0456 Mouclass - ok
18:35:46.0406 0456 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys
18:35:46.0406 0456 MountMgr - ok
18:35:46.0437 0456 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:35:46.0437 0456 MozillaMaintenance - ok
18:35:46.0437 0456 mraid35x - ok
18:35:46.0453 0456 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys
18:35:46.0453 0456 MRxDAV - ok
18:35:46.0468 0456 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys
18:35:46.0484 0456 MRxSmb - ok
18:35:46.0500 0456 [ FB68F196B215782333FA1467CBAFC8B0 ] MSDTC C:\WINNT\system32\msdtc.exe
18:35:46.0500 0456 MSDTC - ok
18:35:46.0531 0456 [ 6DD721DFD2648F3F6D5808B5BA6CB095 ] MSDV C:\WINNT\system32\DRIVERS\msdv.sys
18:35:46.0546 0456 MSDV - ok
18:35:46.0546 0456 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINNT\system32\drivers\Msfs.sys
18:35:46.0546 0456 Msfs - ok
18:35:46.0546 0456 MSIServer - ok
18:35:46.0578 0456 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys
18:35:46.0578 0456 MSKSSRV - ok
18:35:46.0609 0456 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys
18:35:46.0609 0456 MSPCLOCK - ok
18:35:46.0609 0456 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys
18:35:46.0609 0456 MSPQM - ok
18:35:46.0625 0456 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys
18:35:46.0625 0456 mssmbios - ok
18:35:46.0640 0456 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINNT\system32\drivers\MSTEE.sys
18:35:46.0640 0456 MSTEE - ok
18:35:46.0656 0456 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINNT\system32\drivers\Mup.sys
18:35:46.0656 0456 Mup - ok
18:35:46.0687 0456 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINNT\system32\DRIVERS\NABTSFEC.sys
18:35:46.0687 0456 NABTSFEC - ok
18:35:46.0718 0456 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINNT\system32\drivers\NDIS.sys
18:35:46.0718 0456 NDIS - ok
18:35:46.0734 0456 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys
18:35:46.0734 0456 NdisTapi - ok
18:35:46.0750 0456 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys
18:35:46.0750 0456 Ndisuio - ok
18:35:46.0750 0456 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys
18:35:46.0750 0456 NdisWan - ok
18:35:46.0765 0456 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys
18:35:46.0765 0456 NDProxy - ok
18:35:46.0781 0456 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys
18:35:46.0796 0456 NetBIOS - ok
18:35:46.0796 0456 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys
18:35:46.0796 0456 NetBT - ok
18:35:46.0828 0456 [ 8DE3841527161ABDFAE5C44AB570F8E1 ] NetDDE C:\WINNT\system32\netdde.exe
18:35:46.0828 0456 NetDDE - ok
18:35:46.0828 0456 [ 8DE3841527161ABDFAE5C44AB570F8E1 ] NetDDEdsdm C:\WINNT\system32\netdde.exe
18:35:46.0843 0456 NetDDEdsdm - ok
18:35:46.0859 0456 [ F485FEFC8CC4FD29243D800BE5D275D1 ] Netlogon C:\WINNT\system32\lsass.exe
18:35:46.0859 0456 Netlogon - ok
18:35:46.0875 0456 [ 92296EBC8CE6714A3DC3D791E6246580 ] Netman C:\WINNT\System32\netman.dll
18:35:46.0890 0456 Netman - ok
18:35:46.0906 0456 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINNT\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:35:46.0921 0456 NetTcpPortSharing - ok
18:35:46.0921 0456 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINNT\system32\DRIVERS\nic1394.sys
18:35:46.0921 0456 NIC1394 - ok
18:35:46.0953 0456 [ 300BCC512DE4038F1494230941DB2C2A ] Nla C:\WINNT\System32\mswsock.dll
18:35:46.0953 0456 Nla - ok
18:35:47.0015 0456 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess D:\Program Files\CDBurnerXP\NMSAccessU.exe
18:35:47.0015 0456 NMSAccess - ok
18:35:47.0046 0456 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINNT\system32\drivers\Npfs.sys
18:35:47.0046 0456 Npfs - ok
18:35:47.0078 0456 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys
18:35:47.0078 0456 Ntfs - ok
18:35:47.0078 0456 [ F485FEFC8CC4FD29243D800BE5D275D1 ] NtLmSsp C:\WINNT\system32\lsass.exe
18:35:47.0078 0456 NtLmSsp - ok
18:35:49.0828 0456 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\WINNT\system32\DRIVERS\VClone.sys
18:35:49.0828 0456 Suspicious file (Forged): C:\WINNT\system32\DRIVERS\VClone.sys. Real md5: FCE98C43B5C5DB8E0DA8EA0E2B45E044, Fake md5: E0469D25EFC50F58B71E2D65B015DDB5
18:35:49.0828 0456 VClone ( ForgedFile.Multi.Generic ) - warning
18:35:49.0828 0456 VClone - detected ForgedFile.Multi.Generic (1)
18:35:54.0765 0456 ============================================================
18:35:54.0765 0456 Scan finished
18:35:54.0765 0456 ============================================================
18:35:54.0781 0704 Detected object count: 1
18:35:54.0781 0704 Actual detected object count: 1
18:36:35.0781 0704 C:\WINNT\system32\DRIVERS\VClone.sys - copied to quarantine
18:36:35.0781 0704 VClone ( ForgedFile.Multi.Generic ) - User select action: Quarantine
[/log]

wirusolog
comment

Paste new logs from OTL.

kamann
comment

OTL
[log]OTL logfile created on: 2012-12-31 18:54:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,66% Memory free
3,85 Gb Paging File | 3,70 Gb Available in Paging File | 96,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 17,23 Gb Free Space | 35,29% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,62 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,71 Gb Free Space | 37,36% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

========== Processes (All) ==========

PRC - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
PRC - [2006-05-13 15:22:59 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spoolsv.exe
PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\csrss.exe


========== Modules (All) ==========

MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\psapi.dll
MOD - [2004-08-04 01:44:10 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\seclogon.dll
MOD - [2004-08-04 01:44:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\powrprof.dll
MOD - [2004-08-04 01:44:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rasadhlp.dll
MOD - [2004-08-04 01:44:10 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc.dll
MOD - [2004-08-04 01:44:08 | 001,714,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netshell.dll
MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleaut32.dll
MOD - [2004-08-04 01:44:08 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbc32.dll
MOD - [2004-08-04 01:44:08 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui1.dll
MOD - [2004-08-04 01:44:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nwprovau.dll
MOD - [2004-08-04 01:44:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntshrui.dll
MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntmarta.dll
MOD - [2004-08-04 01:44:08 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mydocs.dll
MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\olepro32.dll
MOD - [2004-08-04 01:44:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui0.dll
MOD - [2004-08-04 01:44:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdsapi.dll
MOD - [2004-08-04 01:44:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntlanman.dll
MOD - [2004-08-04 01:44:08 | 000,038,912 | ---- | M] (Microsoft Corporation) -- c:\WINNT\pchealth\helpctr\binaries\pchsvc.dll
MOD - [2004-08-04 01:44:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ncobjapi.dll
MOD - [2004-08-04 01:44:08 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nddeapi.dll
MOD - [2004-08-04 01:44:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2004-08-04 01:44:06 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msgina.dll
MOD - [2004-08-04 01:44:06 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msftedit.dll
MOD - [2004-08-04 01:44:06 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcrt.dll
MOD - [2004-08-04 01:44:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msutb.dll
MOD - [2004-08-04 01:44:06 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvfw32.dll
MOD - [2004-08-04 01:44:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspatcha.dll
MOD - [2004-08-04 01:44:06 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msimg32.dll
MOD - [2004-08-04 01:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mlang.dll
MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSCTF.dll
MOD - [2004-08-04 01:44:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msacm32.dll
MOD - [2004-08-04 01:44:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mpr.dll
MOD - [2004-08-04 01:44:02 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\iphlpapi.dll
MOD - [2004-08-04 01:44:02 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetpp.dll
MOD - [2004-08-04 01:44:00 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hnetcfg.dll
MOD - [2004-08-04 01:44:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imagehlp.dll
MOD - [2004-08-04 01:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imm32.dll
MOD - [2004-08-04 01:43:58 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\duser.dll
MOD - [2004-08-04 01:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
MOD - [2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\eventlog.dll
MOD - [2004-08-04 01:43:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ersvc.dll
MOD - [2004-08-04 01:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comres.dll
MOD - [2004-08-04 01:43:56 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comctl32.dll
MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\crypt32.dll
MOD - [2004-08-04 01:43:56 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptui.dll
MOD - [2004-08-04 01:43:56 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscui.dll
MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comdlg32.dll
MOD - [2004-08-04 01:43:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\credui.dll
MOD - [2004-08-04 01:43:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscdll.dll
MOD - [2004-08-04 01:43:56 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptsvc.dll
MOD - [2004-08-04 01:43:56 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptdll.dll
MOD - [2004-08-04 01:43:56 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\davclnt.dll
MOD - [2004-08-04 01:43:56 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drprov.dll
MOD - [2004-08-04 01:43:54 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\certcli.dll
MOD - [2004-08-04 01:43:54 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\apphelp.dll
MOD - [2004-08-04 01:43:54 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cabinet.dll
MOD - [2004-08-04 01:43:54 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\batmeter.dll
MOD - [2004-08-04 01:43:52 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\actxprxy.dll
MOD - [2004-08-04 01:43:30 | 002,953,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\xpsp2res.dll
MOD - [2004-08-04 01:43:14 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbcint.dll
MOD - [2004-08-04 01:43:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msprivs.dll
MOD - [2004-08-04 01:42:40 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browselc.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2004-08-03 23:31:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rsaenh.dll
MOD - [2001-10-26 20:29:40 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleacc.dll


========== Services (SafeList) ==========

SRV - [2012-12-10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-12-04 17:06:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-23 15:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-30 20:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-06-29 08:31:06 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-05-05 12:21:33 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009-03-31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINNT\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007-12-14 10:46:28 | 000,047,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\alex\USTAWI~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-12-20 14:04:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\gdrv.sys -- (gdrv)
DRV - [2011-06-29 08:31:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-06-29 08:31:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009-03-20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009-03-18 16:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-02-14 10:04:06 | 004,676,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008-01-03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-10-11 10:10:52 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004-08-04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001-08-18 00:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-18 00:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{E85E867A-F76D-4DB2-BE19-B12E445C7D79}: "URL" = https://isearch.avg.com/search?cid={9A8BB263-AF77-4C51-BE34-F9299CC12489}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=en&ds=ft011&pr=sa&d=2012-03-29 21:54:24&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011-12-08 21:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-31 16:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-31 16:27:36 | 000,000,000 | ---D | M]

[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Extensions
[2012-12-09 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions
[2012-11-19 16:00:28 | 000,215,985 | ---- | M] () (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2010-03-05 15:53:07 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\web-search.xml
[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 19:16:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALEX\DANE APLIKACJI\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH\FIREFOXEXT\13.3.0.17
[2011-12-08 21:51:51 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012-04-29 11:50:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-07-18 07:47:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINNT\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-12-04 17:06:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-29 11:50:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-25 12:19:26 | 000,081,920 | ---- | M] (COMARCH S.A.) -- C:\Program Files\mozilla firefox\plugins\npNOL3_ns8_mozilla.dll
[2011-11-11 10:43:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-11-11 10:43:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-11 10:43:08 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-11 10:43:08 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-11-11 10:43:08 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-11 10:43:08 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-12-31 18:30:53 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-30 20:27:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-10-24 12:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 20:35:30 | 000,000,000 | ---D | M] - E:\Automap -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: wmdmpmsp - File not found

MsConfig - Services: "winmgmt"
MsConfig - Services: "vToolbarUpdater13.3.2"
MsConfig - Services: "syshost32"
MsConfig - Services: "PC Performer Manager"
MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WudfSvc"
MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WPFFontCache_v0400"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "Wmi"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "WMDM PMSP Service"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "WebClient"
MsConfig - Services: "W32Time"
MsConfig - Services: "VSS"
MsConfig - Services: "UPS"
MsConfig - Services: "upnphost"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TlntSvr"
MsConfig - Services: "Themes"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "SysmonLog"
MsConfig - Services: "SwPrv"
MsConfig - Services: "stisvc"
MsConfig - Services: "Steam Client Service"
MsConfig - Services: "SSDPSRV"
MsConfig - Services: "srservice"
MsConfig - Services: "Spooler"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "SENS"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "PolicyAgent"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "PlugPlay"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NwSapAgent"
MsConfig - Services: "NWCWorkstation"
MsConfig - Services: "nvUpdatusService"
MsConfig - Services: "NVSvc"
MsConfig - Services: "NtmsSvc"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "NMSAccess"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MSIServer"
MsConfig - Services: "MSDTC"
MsConfig - Services: "MozillaMaintenance"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "LmHosts"
MsConfig - Services: "LexBceS"
MsConfig - Services: "lanmanworkstation"
MsConfig - Services: "lanmanserver"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HTTPFilter"
MsConfig - Services: "HidServ"
MsConfig - Services: "helpsvc"
MsConfig - Services: "Hamachi2Svc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "GEST Service"
MsConfig - Services: "FsUsbExService"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "Eventlog"
MsConfig - Services: "ERSvc"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "Dhcp"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v4.0.30319_32"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "BITS"
MsConfig - Services: "AudioSrv"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "ALG"
MsConfig - Services: "Alerter"
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Alcmtr[/b] - hkey= - key= - C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]APSDaemon[/b] - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: [b]AutoStartNPSAgent[/b] - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: [b]avgnt[/b] - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: [b]CTFMON.EXE[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Gadu-Gadu 10[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: [b]GEST[/b] - hkey= - key= - C:\Program Files\GIGABYTE\GEST\run.exe ()
MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: [b]ISUSPM Startup[/b] - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: [b]ISUSScheduler[/b] - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]IVONA ControlCenter[/b] - hkey= - key= - C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
MsConfig - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: [b]NvCplDaemon[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NvMediaCenter[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]nwiz[/b] - hkey= - key= - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]Realtime Audio Engine[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]RTHDCPL[/b] - hkey= - key= - C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]USBToolTip[/b] - hkey= - key= - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: fsproflt - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: fsproflt - Reg Error: Value error.
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-12-31 18:36:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-12-31 18:35:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\alex\Pulpit\tdsskiller.exe
[2012-12-31 18:33:17 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\WINNT\System32\xircom
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012-12-31 17:37:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-31 17:36:56 | 005,016,388 | R--- | C] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-31 17:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.172517.1980
[2012-12-31 17:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.171751.128
[2012-12-31 17:17:46 | 000,456,472 | ---- | C] (ESET) -- C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe
[2012-12-31 16:34:21 | 000,000,000 | ---D | C] -- C:\WINNT\ERUNT
[2012-12-31 16:34:17 | 000,000,000 | ---D | C] -- C:\JRT
[2012-12-31 16:34:11 | 000,497,009 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\alex\Pulpit\JRT.exe
[2012-12-31 16:01:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-31 15:20:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-27 21:30:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\alex\Recent
[2012-12-27 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-24 13:43:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012-12-24 13:43:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012-12-24 13:43:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012-12-24 13:43:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012-12-24 13:39:02 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012-12-24 13:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\HiJackThis
[2012-12-24 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-12-24 11:08:19 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-21 12:50:12 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-21 12:40:39 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-20 16:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-12-20 16:28:18 | 000,412,088 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-14 23:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2012-12-11 15:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-12-07 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft
[2012-12-07 21:37:34 | 000,000,000 | ---D | C] -- C:\Users
[2012-12-07 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-12-07 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2012-12-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2012-12-04 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-12-04 21:06:50 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 13:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
[2012-12-04 12:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-12-03 14:04:15 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:03:16 | 000,000,000 | ---D | C] -- C:\Windows
[2012-12-03 14:01:42 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\The KMPlayer
[2012-11-28 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2012-11-28 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-11-23 15:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\uTorrentControl2
[2012-11-23 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design
[2012-11-23 15:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\FreeSoundRecorder
[2012-11-23 15:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\MyAshampoo
[2012-11-23 15:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2012-11-18 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012-11-08 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\Fraps
[2012-11-08 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2012-11-08 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-12-31 18:31:13 | 000,000,356 | ---- | M] () -- C:\WINNT\system.ini
[2012-12-31 18:30:53 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2012-12-31 18:30:35 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012-12-31 18:29:05 | 018,612,224 | -H-- | M] () -- C:\Documents and Settings\alex\NTUSER.DAT
[2012-12-31 18:29:05 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\alex\ntuser.ini
[2012-12-31 18:18:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\alex\Pulpit\tdsskiller.exe
[2012-12-31 18:15:05 | 000,001,058 | ---- | M] () -- C:\WINNT\win.ini
[2012-12-31 18:15:05 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2012-12-31 17:35:58 | 005,016,388 | R--- | M] (Swearware) -- C:\Documents and Settings\alex\Pulpit\ComboFix.exe
[2012-12-31 17:16:10 | 000,456,472 | ---- | M] (ESET) -- C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe
[2012-12-31 16:32:44 | 000,497,009 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\alex\Pulpit\JRT.exe
[2012-12-31 16:14:18 | 000,551,997 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-31 13:45:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2012-12-30 16:38:31 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012-12-30 16:35:29 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012-12-30 15:00:47 | 000,000,269 | ---- | M] () -- C:\WINNT\LEXSTAT.INI
[2012-12-30 14:48:58 | 000,437,660 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-29 12:03:16 | 001,262,840 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2012-12-29 12:03:16 | 000,558,466 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2012-12-29 12:03:16 | 000,495,958 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012-12-29 12:03:16 | 000,105,530 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2012-12-29 12:03:16 | 000,084,442 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012-12-28 12:32:33 | 000,000,900 | ---- | M] () -- C:\WINNT\System32\KGyGaAvL.sys
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2012-12-27 21:31:08 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) -- C:\WINNT\System32\drivers\sptd.sys
[2012-12-25 19:37:42 | 004,389,435 | ---- | M] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:27:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-24 11:08:24 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-22 21:16:09 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-22 21:15:32 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-21 12:40:20 | 001,587,696 | ---- | M] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINNT\System32\drivers\avgtpx86.sys
[2012-12-21 12:38:52 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-12-20 22:51:53 | 001,700,756 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:19 | 000,412,088 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-20 14:07:39 | 000,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | M] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:51 | 000,107,011 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:31 | 000,038,007 | ---- | M] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-11 23:37:13 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | M] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:53 | 000,003,084 | ---- | M] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:33 | 000,028,958 | ---- | M] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-06 13:57:26 | 000,129,056 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2012-12-06 13:54:44 | 000,427,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012-12-05 23:05:38 | 000,781,782 | ---- | M] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 21:06:50 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
[2012-12-04 12:53:17 | 000,634,272 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:35:16 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2012-12-03 14:35:00 | 000,682,280 | ---- | M] () -- C:\WINNT\System32\pbsvc.exe
[2012-12-03 14:06:36 | 000,000,377 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-12-03 14:04:16 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\SaveAs.exe
[2012-12-03 14:01:42 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:09 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:49 | 000,026,725 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-11-22 16:59:17 | 000,995,059 | ---- | M] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-15 16:32:28 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-12-31 16:22:21 | 000,551,997 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-30 14:48:03 | 000,437,660 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-27 21:56:06 | 000,002,176 | ---- | C] () -- C:\kopia rejj.reg
[2012-12-25 19:37:31 | 004,389,435 | ---- | C] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:43:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012-12-24 13:43:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012-12-24 13:43:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012-12-24 13:43:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012-12-24 13:43:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012-12-24 13:27:04 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-21 12:49:39 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-20 22:51:51 | 001,700,756 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-19 17:45:53 | 000,383,928 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:01:30 | 000,051,254 | ---- | C] () -- C:\unwrap.png
[2012-12-16 12:40:47 | 000,000,011 | R--- | C] () -- C:\WINNT\amunres.lsl
[2012-12-15 22:57:50 | 000,107,011 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
[2012-12-15 19:51:01 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:30 | 000,038,007 | ---- | C] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-09 19:11:20 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | C] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:52 | 000,003,084 | ---- | C] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:32 | 000,028,958 | ---- | C] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-05 23:04:27 | 000,781,782 | ---- | C] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 12:53:15 | 000,634,272 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:06:35 | 000,000,377 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-11-28 17:04:09 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:48 | 000,026,725 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-28 01:29:08 | 000,465,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-11-22 16:59:16 | 000,995,059 | ---- | C] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-10 12:15:37 | 001,587,696 | ---- | C] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-11-10 12:15:10 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-11-08 15:27:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Audacity.lnk
[2012-10-24 13:38:27 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
[2012-10-24 13:38:26 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb1.bin
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb0.bin
[2012-10-20 13:47:56 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\nvdrssel.bin
[2012-10-20 13:47:28 | 002,811,988 | ---- | C] () -- C:\WINNT\System32\nvdata.data
[2012-09-22 09:49:25 | 000,682,280 | ---- | C] () -- C:\WINNT\System32\pbsvc.exe
[2012-03-15 18:09:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\troll.jpg
[2011-12-11 21:32:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\1.bmp
[2011-12-09 01:35:14 | 000,338,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-413027322-839522115-1003-0.dat
[2011-10-07 23:59:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CoD2MP_s.exe
[2011-10-07 23:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Call_of_Duty_2_1.3_MP_Server_fix.3512889.TPB.torrent
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2011-07-28 22:18:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG4464.JPG
[2011-07-28 13:03:15 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\FsUsbExDevice.Dll
[2011-07-28 13:03:15 | 000,036,608 | ---- | C] () -- C:\WINNT\System32\FsUsbExDisk.Sys
[2011-07-28 13:03:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\$_hpcst$.hpc
[2011-07-01 01:20:32 | 000,391,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-05-29 17:54:23 | 000,088,352 | ---- | C] () -- C:\WINNT\System32\mlfcache.dat
[2011-05-12 21:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Nowy dokument sformatowany.rtf
[2011-03-31 23:06:05 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011-03-31 23:05:59 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011-03-31 23:05:58 | 000,000,590 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2011-03-31 23:05:57 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011-03-24 23:38:04 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\alex\.recently-used.xbel
[2011-01-31 13:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Zdjęcie0069.jpg
[2011-01-31 13:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Obraz 045.jpg
[2011-01-15 17:20:14 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\drivers\VClone.sys
[2010-11-30 22:48:59 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2010-10-26 20:37:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1800.JPG
[2010-10-26 20:37:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1792.JPG
[2010-10-26 20:37:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1791.JPG
[2010-10-26 20:37:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1785.JPG
[2010-08-18 22:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\popov- in da man of my city.mp3
[2010-07-11 19:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\DSC00371.JPG
[2010-05-22 20:07:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;49;12.JPG
[2010-05-22 20:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;48;02.JPG
[2010-05-22 20:05:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;47;26.JPG
[2010-02-14 09:56:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\lesiu.jpg
[2009-12-01 19:54:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2009-11-26 13:42:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\bez tytułu.bmp
[2009-11-07 18:45:36 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-24 20:22:33 | 000,129,056 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-24 12:46:01 | 002,656,656 | -H-- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-24 12:41:06 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\alex\ntuser.ini
[2009-10-24 12:41:04 | 018,612,224 | -H-- | C] () -- C:\Documents and Settings\alex\NTUSER.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010-04-08 17:24:32 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-04 01:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011-12-25 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.atanks
[2012-12-07 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.minecraft
[2009-11-21 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\AlcaTech
[2011-01-29 12:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ashampoo
[2010-09-28 19:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Astroburn Lite
[2012-11-09 20:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2011-06-30 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Autodesk
[2010-01-21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011-12-28 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Blender Foundation
[2010-07-23 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Bricsys
[2010-12-28 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Canneverbe Limited
[2010-08-05 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Chinaweal Longteng
[2012-01-24 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Cool Record Edit Pro
[2009-10-24 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools
[2012-12-27 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Lite
[2011-05-06 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Pro
[2010-05-12 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Expressivo
[2012-12-26 12:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\foobar2000
[2011-05-02 22:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Free Sound Recorder
[2010-04-09 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FreeAudioPack
[2012-06-24 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FunnyGames
[2012-09-21 07:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gadu-Gadu 10
[2011-10-07 17:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GameRanger
[2012-03-07 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GetRightToGo
[2009-11-23 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GHISLER
[2011-03-24 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\gtk-2.0
[2012-12-14 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gune
[2009-11-21 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\InterTrust
[2009-10-24 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\invibes
[2012-11-03 22:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\ipla
[2011-03-01 17:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\IVONA ControlCenter
[2009-10-24 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Nowe Gadu-Gadu
[2010-02-23 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenFM
[2012-12-05 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2011-03-16 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Opera
[2011-07-28 13:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PC Suite
[2010-07-19 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PhotoFiltre
[2010-12-07 18:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\RDRM
[2011-07-28 13:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Samsung
[2012-11-28 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
[2012-05-04 12:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TeamViewer
[2012-12-27 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2010-05-11 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ulead Systems
[2012-12-27 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\uTorrent
[2011-02-07 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\VDownloader
[2011-05-29 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2737A
[2009-11-21 23:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlcaTech
[2011-01-29 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-09-28 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite
[2012-07-08 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-12-28 21:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2012-03-29 20:53:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-12-27 21:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-12-08 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Freemake
[2010-12-07 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-12-07 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-08 15:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2011-08-10 15:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-07-28 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2012-12-16 12:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2012-03-29 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate
[2010-12-19 12:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate Collection
[2010-05-11 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
[2012-12-27 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-09 10:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-08-25 21:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-12-27 21:10:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-27 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Dane aplikacji\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-05-03 14:23:53 | 000,001,204 | ---- | M] () -- C:\1.txt
[2012-12-31 16:21:21 | 000,013,138 | ---- | M] () -- C:\12312012_160147.log
[2012-10-20 10:50:30 | 155,576,680 | ---- | M] (NVIDIA Corporation) -- C:\306.81-desktop-winxp-32bit-international-whql.exe
[2012-09-21 07:17:12 | 000,702,281 | ---- | M] () -- C:\a1_geog.pdf
[2012-12-31 16:27:39 | 000,026,620 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-12-31 18:15:05 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-11 14:49:35 | 000,475,490 | ---- | M] () -- C:\cc_20101111_144910.reg
[2010-11-11 14:49:52 | 000,003,986 | ---- | M] () -- C:\cc_20101111_144946.reg
[2012-10-20 20:27:04 | 000,002,233 | ---- | M] () -- C:\CIAGI.PAS
[2012-12-31 18:33:15 | 000,062,703 | ---- | M] () -- C:\ComboFix.txt
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-24 12:49:42 | 000,000,143 | ---- | M] () -- C:\csb.log
[2012-10-20 12:33:05 | 006,081,842 | ---- | M] (Treexy ) -- C:\driver_fusion_1.2.0.exe
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-09-20 19:19:16 | 000,003,868 | ---- | M] () -- C:\KALKU.BAK
[2012-09-26 18:23:19 | 000,011,888 | ---- | M] () -- C:\KALKU.EXE
[2012-09-20 19:27:08 | 000,004,194 | ---- | M] () -- C:\KALKU.PAS
[2012-09-20 18:53:55 | 000,007,645 | ---- | M] () -- C:\KALKU.rar
[2010-07-15 18:12:56 | 000,000,000 | RHS- | M] () -- C:\khx
[2010-08-10 23:16:11 | 000,000,000 | RHS- | M] () -- C:\khy
[2012-04-22 10:28:50 | 003,523,817 | ---- | M] () -- C:\Kombii - Pokolenie pobrano z ulub_pl.mp3
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2010-04-19 13:54:40 | 076,119,274 | ---- | M] () -- C:\kopiazapasowa.reg
[2012-10-09 21:31:31 | 000,909,662 | ---- | M] () -- C:\Kopia_zapasowa_wiz.cdr
[2012-10-02 00:03:00 | 001,314,648 | ---- | M] () -- C:\Kopia_zapasowa_yuytu.cdr
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 23:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2012-12-31 18:30:32 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012-10-20 17:17:52 | 000,057,344 | ---- | M] () -- C:\pascal.ppt
[2012-12-06 00:17:40 | 000,791,552 | ---- | M] () -- C:\Pascal2.ppt
[2012-02-13 21:20:12 | 150,938,644 | ---- | M] () -- C:\Pawel Presents Trance Music vol.1.mp3
[2012-06-09 09:19:34 | 004,124,453 | ---- | M] () -- C:\presents 1.mp3
[2012-01-18 20:19:29 | 000,004,976 | ---- | M] () -- C:\PROGRAMM.EXE
[2012-01-18 20:12:20 | 000,000,386 | ---- | M] () -- C:\PROGRAMM.PAS
[2009-10-24 12:48:01 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2011-07-15 10:34:26 | 252,483,264 | ---- | M] () -- C:\S7302579.AVI
[2011-07-16 20:42:20 | 000,082,433 | ---- | M] () -- C:\saac1.2.zip
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-30 16:38:03 | 000,000,122 | ---- | M] () -- C:\service.log
[2012-07-03 10:45:56 | 001,587,696 | ---- | M] () -- C:\SetupVirtualCloneDrive5450.exe
[2011-09-14 21:00:06 | 115,729,182 | ---- | M] () -- C:\sysisie.rar
[2011-08-24 15:22:24 | 000,096,167 | ---- | M] () -- C:\Tabela 355 z dnia 27.07.11-zamkn. 1-31.08.11.xls.pdf
[2012-10-10 20:05:18 | 000,001,358 | ---- | M] () -- C:\TABELICE.BAK
[2012-10-10 20:20:15 | 000,005,328 | ---- | M] () -- C:\TABELICE.EXE
[2012-10-10 20:20:12 | 000,001,479 | ---- | M] () -- C:\TABELICE.PAS
[2012-12-31 18:41:30 | 000,092,784 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_31.12.2012_18.35.34_log.txt
[2012-05-04 12:18:34 | 004,586,328 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup.exe
[2012-01-02 22:34:36 | 000,421,020 | ---- | M] () -- C:\untitled.blend
[2012-01-02 16:23:23 | 000,413,592 | ---- | M] () -- C:\untitled.blend1
[2012-01-02 16:15:53 | 000,413,592 | ---- | M] () -- C:\untitled.blend2
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-10-27 13:04:22 | 000,029,962 | ---- | M] () -- C:\Wheels0079_thumbhuge.jpg
[2011-10-09 21:46:11 | 082,870,453 | ---- | M] () -- C:\Wideo030.mp4
[2011-10-09 21:49:02 | 031,052,725 | ---- | M] () -- C:\Wideo031.mp4
[2011-12-24 12:55:18 | 363,715,223 | ---- | M] () -- C:\Wigilia Klasowa 2011.rar
[2012-10-10 20:31:16 | 000,076,434 | ---- | M] () -- C:\wiz.cdr
[2012-10-12 06:36:33 | 000,181,626 | ---- | M] () -- C:\wiz12.cdr
[2012-10-02 21:09:41 | 001,314,970 | ---- | M] () -- C:\yuytu.cdr
[2012-10-09 21:39:08 | 000,013,814 | ---- | M] () -- C:\zapro.cdr
[2012-04-20 14:17:50 | 003,394,278 | ---- | M] () -- C:\[www.dloader.pl]bashunter_-_now_you_re_gone.mp3
[2012-04-20 13:51:50 | 001,599,143 | ---- | M] () -- C:\[www.dloader.pl]basshunter_-_all_i_ever_wanted.mp3

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINNT\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINNT\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINNT\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINNT\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINNT\system32\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

< End of report >
[/log]

EXT
[log]OTL Extras logfile created on: 2012-12-31 18:54:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,66% Memory free
3,85 Gb Paging File | 3,70 Gb Available in Paging File | 96,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 17,23 Gb Free Space | 35,29% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,62 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive G: | 14,62 Gb Total Space | 14,62 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 1,89 Gb Total Space | 0,71 Gb Free Space | 37,36% Space Free | Partition Type: FAT

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1326
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.126
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Obsługa programów Apple
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALLPlayer_is1" = ALLPlayer V4.X
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Elasto Mania" = Elasto Mania
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Expressivo" = Expressivo
"FL Studio 9" = FL Studio 9
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter wersja 3.0.0
"Gadu-Gadu 10" = Gadu-Gadu 10
"Hardcore" = Hardcore
"Historyczna mapa polskiej sieci kolejowej_is1" = Rail Map 2.2
"IL Download Manager" = IL Download Manager
"ImageHelper 1.01" = ImageHelper 1.01
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"ipla" = ipla 2.2.1
"IrfanView" = IrfanView (remove only)
"IVONA ControlCenter" = IVONA ControlCenter
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Lexmark 640 Series" = Lexmark 640 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia 2_is1" = Mafia 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixed In Key" = Mixed In Key 2.5
"MixVibesProducerDemo.exe" = MixVibes PRODUCER DEMO uninstall
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notowania OnLine 3.0 DM BZWBK S.A._is1" = Notowania OnLine 3.0 DM BZWBK S.A.
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"Runway Designer" = Runway Designer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"TrainzObjectz_is1" = TrainzObjectz 6.0 Build 544
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-29 11:58:36 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:47 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 06:58:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-30 09:54:33 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 5.0.1.329, moduł powodujący
błąd acrord32.exe, wersja 5.0.1.329, adres błędu 0x0014f885.

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 11:38:02 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 2012-12-31 07:32:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

[ System Events ]
Error - 2012-12-31 13:31:13 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:31:13 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:32:51 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:32:55 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:32:55 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:33:50 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 13:34:44 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 13:52:46 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 13:52:53 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 13:52:54 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}


< End of report >
[/log]

wirusolog
comment (edited)

We are almost at the very end; what remains is to put the system in order:
[hr]
[b]1.[/b] Your Avira installation is damaged; uninstall it with the dedicated tool: [url=http://dlpro.antivir.com/package/removaltool/win32/en/removaltool-win32-en.exe][b][color=blue][u]Avira AntiVir Removal Tool[/u][/color][/b][/url].

[b]2.[/b] Run OTL and paste the following into the [b]Własne opcje skanowania / skrypt[/b] (custom scan options / script) section:

[quote]:OTL
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - No CLSID value found
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\alex\USTAWI~1\Temp\mbr.sys -- (mbr)
MsConfig - Services: "winmgmt"
MsConfig - Services: "vToolbarUpdater13.3.2"
MsConfig - Services: "syshost32"
MsConfig - Services: "PC Performer Manager"
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^runctf.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^alex^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: Realtime Audio Engine - hkey= - key= - File not found
DRV - [2012-12-21 12:40:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avgtpx86.sys -- (avgtp)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

:Files
C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH
C:\TDSSKiller_Quarantine
C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.172517.1980
C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.171751.128
C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe
C:\WINNT\ERUNT
C:\JRT
C:\Documents and Settings\alex\Pulpit\JRT.exe
C:\WINNT\erdnt
C:\Documents and Settings\alex\Dane aplikacji\Gune
C:\Program Files\ESET
C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
D:\Moje Dokumenty\SaveAs.exe
C:\Documents and Settings\alex\Dane aplikacji\SimilarSites
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\uTorrentControl2
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\FreeSoundRecorder
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\MyAshampoo
C:\WINNT\amunres.lsl
C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods.crx
rd /s /q "C:\DOCUME~1\alex\USTAWI~1\Temp" /C
C:\ComboFix

:Commands
[Reboot][/quote]
Click [b]Wykonaj skrypt[/b] (run script). The system will be restarted.

[b]2.[/b] Make a new OTL log using the [b]Skanuj[/b] (scan) option. Attach the report from the OTL removal plus a new complete set of OTL logs.

  • Good post 1
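
A removal report like the one requested in the last step can be triaged mechanically. The following is an added example, not part of the original post and not OTL's own code: it sorts report lines by outcome so it is clear what the script actually changed and which entries OTL could not resolve. The sample lines are constructed in the report format OTL 3.2.69.0 writes; the function names and the "Reg Error" heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of an OTL 3.2.69.0 fix report.
SAMPLE_REPORT = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE\ deleted successfully.
C:\WINNT\pss\MagicDisc.lnkStartup moved successfully.
File Reg Error: Value error. not found.
========== FILES ==========
File\Folder C:\TDSSKiller_Quarantine not found.
File\Folder C:\JRT not found.
C:\Documents and Settings\alex\Pulpit\cmd.bat deleted successfully.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Checked in order; "Error:" is tested before the generic "not found" suffix.
OUTCOMES = (
    (re.compile(r"^(?P<target>.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+) moved successfully\.$"), "moved"),
    (re.compile(r"^Error: (?P<target>.+)$"), "error"),
    (re.compile(r"^(?P<target>.+) not found\.$"), "not_found"),
)

# Longest prefixes first so "File\Folder " is not mistaken for "File ".
KIND_PREFIXES = (
    "Registry value ",
    "Registry key ",
    "Service\\Driver key ",
    "File\\Folder ",
    "File ",
)


def parse_report(text):
    """Return one dict per result line: section, kind, target, outcome."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for pattern, outcome in OUTCOMES:
            match = pattern.match(line)
            if not match:
                continue
            target = match.group("target")
            kind = "message" if outcome == "error" else "path"
            for prefix in KIND_PREFIXES:
                if outcome != "error" and target.startswith(prefix):
                    kind = prefix.strip()
                    target = target[len(prefix):]
                    break
            entries.append({"section": section, "kind": kind,
                            "target": target, "outcome": outcome})
            break  # lines matching no pattern (banners, echoed commands) are skipped
    return entries


def summarize(entries):
    """Count outcomes, list real changes, and list entries OTL could not resolve."""
    counts = Counter(e["outcome"] for e in entries)
    changed = [e for e in entries if e["outcome"] in ("deleted", "moved")]
    # Assumption: a target starting with "Reg Error" means the script line
    # carried no usable path, so the line deserves a manual look.
    unresolved = [e for e in entries if e["target"].startswith("Reg Error")]
    return counts, changed, unresolved


if __name__ == "__main__":
    counts, changed, unresolved = summarize(parse_report(SAMPLE_REPORT))
    print("Outcomes:", dict(counts))
    for e in changed:
        print(f"  {e['outcome']:8} [{e['section']}] {e['target']}")
    for e in unresolved:
        print(f"  review   [{e['section']}] {e['kind']}: {e['target']}")
```

A report dominated by "not found" lines means most script targets were already gone when the fix ran, so the short list of deleted or moved items is the part worth reading closely.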
kamann
comment

OTL removal

[log]========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{FE69C007-C452-4d3e-86D2-1730DF8BC871} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}\ not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\DOCUME~1\alex\USTAWI~1\Temp\mbr.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\winmgmt not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\vToolbarUpdater13.3.2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\syshost32 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\PC Performer Manager not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^alex^Menu Start^Programy^Autostart^MagicDisc.lnk\ deleted successfully.
C:\WINNT\pss\MagicDisc.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Realtime Audio Engine\ deleted successfully.
Error: No service named avgtp was found to stop!
Service\Driver key avgtp not found.
File C:\WINNT\system32\drivers\avgtpx86.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
========== FILES ==========
File\Folder C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH not found.
File\Folder C:\TDSSKiller_Quarantine not found.
File\Folder C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.172517.1980 not found.
File\Folder C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe_20121231.171751.128 not found.
File\Folder C:\Documents and Settings\alex\Pulpit\ESETNecursRemover.exe not found.
File\Folder C:\WINNT\ERUNT not found.
File\Folder C:\JRT not found.
File\Folder C:\Documents and Settings\alex\Pulpit\JRT.exe not found.
File\Folder C:\WINNT\erdnt not found.
File\Folder C:\Documents and Settings\alex\Dane aplikacji\Gune not found.
File\Folder C:\Program Files\ESET not found.
File\Folder C:\Documents and Settings\alex\Pulpit\esetsmartinstaller_plk.exe not found.
File\Folder C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1 not found.
File\Folder D:\Moje Dokumenty\SaveAs.exe not found.
File\Folder C:\Documents and Settings\alex\Dane aplikacji\SimilarSites not found.
File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\uTorrentControl2 not found.
File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design not found.
File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\FreeSoundRecorder not found.
File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\MyAshampoo not found.
File\Folder C:\WINNT\amunres.lsl not found.
File\Folder C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx not found.
File\Folder C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\funmoods.crx not found.
[color=#A23BEC]< rd /s /q "C:\DOCUME~1\alex\USTAWI~1\Temp" /C >[/color]
C:\Documents and Settings\alex\Pulpit\cmd.bat deleted successfully.
C:\Documents and Settings\alex\Pulpit\cmd.txt deleted successfully.
File\Folder C:\ComboFix not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01012013_181716

[/log]

OTL
[log]OTL logfile created on: 2013-01-01 18:22:58 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,39% Memory free
3,85 Gb Paging File | 3,58 Gb Available in Paging File | 93,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,78 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,52 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
PRC - [2012-12-04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-12-04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-11-21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-12-31 20:41:40 | 000,467,323 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aescript.dll
MOD - [2012-12-31 20:41:40 | 000,184,692 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aeexp.dll
MOD - [2012-12-31 20:41:39 | 005,628,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
MOD - [2012-12-31 20:41:39 | 000,819,574 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aepack.dll
MOD - [2012-12-31 20:41:39 | 000,131,445 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aescn.dll
MOD - [2012-12-31 20:41:37 | 000,434,549 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aegen.dll
MOD - [2012-12-31 20:41:36 | 000,201,079 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aecore.dll
MOD - [2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
MOD - [2012-12-05 17:08:39 | 000,026,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccupdrc.dll
MOD - [2012-12-05 17:08:38 | 000,046,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccgenrc.dll
MOD - [2012-12-05 17:08:01 | 000,274,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
MOD - [2012-12-05 17:07:53 | 000,834,848 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccgen.dll
MOD - [2012-12-04 18:40:31 | 000,248,096 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avreg.dll
MOD - [2012-12-04 15:42:46 | 000,334,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpavgio.dll
MOD - [2012-12-04 15:42:19 | 000,667,936 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
MOD - [2012-12-04 15:42:01 | 000,466,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccwgrd.dll
MOD - [2012-12-04 15:41:45 | 000,214,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
MOD - [2012-12-04 15:40:16 | 000,232,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
MOD - [2012-12-04 15:39:51 | 000,121,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\cclic.dll
MOD - [2012-12-04 15:39:33 | 000,401,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccguard.dll
MOD - [2012-12-04 15:39:24 | 000,231,200 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccgrdw.dll
MOD - [2012-12-04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
MOD - [2012-12-04 12:13:26 | 000,027,936 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\onlcfg.dll
MOD - [2012-12-04 12:12:29 | 000,381,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
MOD - [2012-12-04 12:12:11 | 000,047,904 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gplegacy.dll
MOD - [2012-12-04 12:12:02 | 000,219,424 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpipc.dll
MOD - [2012-12-04 12:11:53 | 000,059,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpgui.dll
MOD - [2012-12-04 12:11:44 | 000,043,296 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpgrd.dll
MOD - [2012-12-04 12:11:35 | 000,061,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpgenrep.dll
MOD - [2012-12-04 12:11:26 | 000,193,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\gpgen.dll
MOD - [2012-12-04 12:10:26 | 000,057,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\cfglib.dll
MOD - [2012-12-04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
MOD - [2012-12-04 12:04:02 | 000,167,200 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
MOD - [2012-12-04 12:03:53 | 000,138,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avesvc.dll
MOD - [2012-11-29 09:30:16 | 000,037,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll
MOD - [2012-11-29 09:30:11 | 000,014,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avesvcr.dll
MOD - [2012-11-28 15:09:40 | 004,782,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
MOD - [2012-11-28 15:05:52 | 000,050,464 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avpref.dll
MOD - [2012-11-28 15:05:19 | 000,080,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgio.dll
MOD - [2012-11-21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
MOD - [2012-11-08 15:19:03 | 000,013,960 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccmainrc.dll
MOD - [2012-11-07 11:09:14 | 000,643,445 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
MOD - [2012-11-05 15:00:38 | 000,201,084 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
MOD - [2012-11-05 15:00:38 | 000,053,619 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aebb.dll
MOD - [2012-10-12 15:52:32 | 000,258,423 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
MOD - [2012-10-09 12:15:26 | 000,026,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccgrdrc.dll
MOD - [2012-09-21 08:49:48 | 000,008,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\ccmsgrc.dll
MOD - [2012-09-20 08:18:28 | 000,009,504 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\cclicrc.dll
MOD - [2012-09-19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012-09-19 18:07:05 | 000,061,728 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avipc.dll
MOD - [2012-09-19 14:42:55 | 000,393,587 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
MOD - [2012-09-19 14:42:55 | 000,102,772 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
MOD - [2012-08-28 16:58:06 | 000,606,578 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
MOD - [2011-05-14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011-02-19 23:03:12 | 004,422,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mfc100u.dll
MOD - [2011-02-19 23:03:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp100.dll
MOD - [2011-02-19 00:40:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcr100.dll
MOD - [2010-04-16 17:09:02 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wininet.dll
MOD - [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shdocvw.dll
MOD - [2010-04-16 17:09:01 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\urlmon.dll
MOD - [2010-04-16 17:08:59 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browseui.dll
MOD - [2009-12-24 08:04:53 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wintrust.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shlwapi.dll
MOD - [2009-09-11 15:19:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msv1_0.dll
MOD - [2009-09-04 22:05:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msasn1.dll
MOD - [2009-08-13 14:56:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009-07-31 05:35:11 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msxml3.dll
MOD - [2009-07-17 20:04:02 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\atl.dll
MOD - [2009-07-11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009-06-25 09:27:54 | 000,732,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsasrv.dll
MOD - [2009-06-25 09:27:54 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kerberos.dll
MOD - [2009-06-25 09:27:54 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\schannel.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\secur32.dll
MOD - [2009-06-25 09:27:54 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wdigest.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kernel32.dll
MOD - [2009-03-10 21:18:06 | 000,265,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WgaLogon.dll
MOD - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\advapi32.dll
MOD - [2009-02-09 11:53:44 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcss.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdll.dll
MOD - [2009-02-06 19:47:24 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netlogon.dll
MOD - [2008-12-16 13:32:33 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winhttp.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\gdi32.dll
MOD - [2008-10-15 17:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netapi32.dll
MOD - [2008-06-24 17:46:33 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mscms.dll
MOD - [2008-06-20 18:48:53 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dnsapi.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shell32.dll
MOD - [2008-05-19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msi.dll
MOD - [2006-11-24 10:21:30 | 001,721,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
MOD - [2006-10-26 23:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006-10-26 23:48:40 | 001,555,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
MOD - [2006-10-26 23:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006-10-26 23:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006-10-26 23:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2006-10-26 19:12:30 | 000,061,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
MOD - [2006-10-18 20:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WPDShServiceObj.dll
MOD - [2006-10-18 20:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceApi.dll
MOD - [2006-10-18 20:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\PortableDeviceTypes.dll
MOD - [2006-05-13 15:29:00 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc_os.dll
MOD - [2006-05-13 15:26:21 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\umpnpmgr.dll
MOD - [2006-05-13 15:25:54 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ole32.dll
MOD - [2006-05-13 15:25:30 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\clbcatq.dll
MOD - [2006-05-13 15:23:57 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\linkinfo.dll
MOD - [2006-05-13 15:22:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\user32.dll
MOD - [2006-05-13 15:21:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\authz.dll
MOD - [2006-05-13 15:20:25 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\AppPatch\AcGenral.dll
MOD - [2004-08-04 01:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winspool.drv
MOD - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
MOD - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
MOD - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe
MOD - [2004-08-04 01:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
MOD - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
MOD - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
MOD - [2004-08-04 01:44:16 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winmm.dll
MOD - [2004-08-04 01:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wldap32.dll
MOD - [2004-08-04 01:44:16 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winscard.dll
MOD - [2004-08-04 01:44:16 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wlnotify.dll
MOD - [2004-08-04 01:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2_32.dll
MOD - [2004-08-04 01:44:16 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winsta.dll
MOD - [2004-08-04 01:44:16 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2004-08-04 01:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2help.dll
MOD - [2004-08-04 01:44:16 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wtsapi32.dll
MOD - [2004-08-04 01:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\userenv.dll
MOD - [2004-08-04 01:44:14 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sxs.dll
MOD - [2004-08-04 01:44:14 | 000,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\vssapi.dll
MOD - [2004-08-04 01:44:14 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\themeui.dll
MOD - [2004-08-04 01:44:14 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\webcheck.dll
MOD - [2004-08-04 01:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\uxtheme.dll
MOD - [2004-08-04 01:44:14 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\w32time.dll
MOD - [2004-08-04 01:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\version.dll
MOD - [2004-08-04 01:44:12 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimgvw.dll
MOD - [2004-08-04 01:44:12 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shsvcs.dll
MOD - [2004-08-04 01:44:12 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stobject.dll
MOD - [2004-08-04 01:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\srclient.dll
MOD - [2004-08-04 01:44:12 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shimeng.dll
MOD - [2004-08-04 01:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\setupapi.dll
MOD - [2004-08-04 01:44:10 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samsrv.dll
MOD - [2004-08-04 01:44:10 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scesrv.dll
MOD - [2004-08-04 01:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll
MOD - [2004-08-04 01:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samlib.dll
MOD - [2004-08-04 01:44:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regapi.dll
MOD - [2004-08-04 01:44:10 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rtutils.dll
MOD - [2004-08-04 01:44:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\profmap.dll
MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\psapi.dll
MOD - [2004-08-04 01:44:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\powrprof.dll
MOD - [2004-08-04 01:44:10 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfc.dll
MOD - [2004-08-04 01:44:08 | 001,714,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netshell.dll
MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleaut32.dll
MOD - [2004-08-04 01:44:08 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbc32.dll
MOD - [2004-08-04 01:44:08 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui1.dll
MOD - [2004-08-04 01:44:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nwprovau.dll
MOD - [2004-08-04 01:44:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntshrui.dll
MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntmarta.dll
MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\olepro32.dll
MOD - [2004-08-04 01:44:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui0.dll
MOD - [2004-08-04 01:44:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdsapi.dll
MOD - [2004-08-04 01:44:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntlanman.dll
MOD - [2004-08-04 01:44:08 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ncobjapi.dll
MOD - [2004-08-04 01:44:08 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\nddeapi.dll
MOD - [2004-08-04 01:44:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2004-08-04 01:44:06 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msgina.dll
MOD - [2004-08-04 01:44:06 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msftedit.dll
MOD - [2004-08-04 01:44:06 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcrt.dll
MOD - [2004-08-04 01:44:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msutb.dll
MOD - [2004-08-04 01:44:06 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msimg32.dll
MOD - [2004-08-04 01:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mlang.dll
MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSCTF.dll
MOD - [2004-08-04 01:44:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msacm32.dll
MOD - [2004-08-04 01:44:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mpr.dll
MOD - [2004-08-04 01:44:02 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\iphlpapi.dll
MOD - [2004-08-04 01:44:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\imagehlp.dll
MOD - [2004-08-04 01:43:58 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\duser.dll
MOD - [2004-08-04 01:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
MOD - [2004-08-04 01:43:58 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\fltlib.dll
MOD - [2004-08-04 01:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comres.dll
MOD - [2004-08-04 01:43:56 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comctl32.dll
MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\crypt32.dll
MOD - [2004-08-04 01:43:56 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptui.dll
MOD - [2004-08-04 01:43:56 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscui.dll
MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\comdlg32.dll
MOD - [2004-08-04 01:43:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\credui.dll
MOD - [2004-08-04 01:43:56 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cscdll.dll
MOD - [2004-08-04 01:43:56 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cryptdll.dll
MOD - [2004-08-04 01:43:56 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\davclnt.dll
MOD - [2004-08-04 01:43:56 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drprov.dll
MOD - [2004-08-04 01:43:54 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\apphelp.dll
MOD - [2004-08-04 01:43:54 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\batmeter.dll
MOD - [2004-08-04 01:43:52 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\activeds.dll
MOD - [2004-08-04 01:43:52 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\adsldpc.dll
MOD - [2004-08-04 01:43:52 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\actxprxy.dll
MOD - [2004-08-04 01:43:30 | 002,953,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\xpsp2res.dll
MOD - [2004-08-04 01:43:14 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\odbcint.dll
MOD - [2004-08-04 01:43:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msprivs.dll
MOD - [2004-08-04 01:42:40 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\browselc.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2004-08-03 23:31:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rsaenh.dll


========== Services (SafeList) ==========

SRV - [2012-12-10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-12-04 17:06:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-12-04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-12-04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-09-23 15:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-06-30 20:50:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009-03-31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINNT\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007-12-14 10:46:28 | 000,047,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-01-01 18:14:20 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\gdrv.sys -- (gdrv)
DRV - [2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-11-27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012-11-22 15:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012-11-22 15:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-08-27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-11-12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009-03-20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009-03-18 16:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-02-14 10:04:06 | 004,676,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008-01-03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-10-11 10:10:52 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004-08-04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001-08-18 00:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-18 00:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\..\SearchScopes\{E85E867A-F76D-4DB2-BE19-B12E445C7D79}: "URL" = https://isearch.avg.com/search?cid={9A8BB263-AF77-4C51-BE34-F9299CC12489}&mid=359597c4afeb47d0bfbcd15696bb0491-faec0ac25b854312756997bf20b9e173c0c4e5e6&lang=en&ds=ft011&pr=sa&d=2012-03-29 21:54:24&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011-12-08 21:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-31 16:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-31 16:27:36 | 000,000,000 | ---D | M]

[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Extensions
[2012-12-09 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions
[2012-11-19 16:00:28 | 000,215,985 | ---- | M] () (No name found) -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2010-03-05 15:53:07 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Profiles\ekutx1w4.default\searchplugins\web-search.xml
[2012-12-16 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-27 19:16:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-04-29 11:50:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-07-18 07:47:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINNT\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-12-04 17:06:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-29 11:50:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-25 12:19:26 | 000,081,920 | ---- | M] (COMARCH S.A.) -- C:\Program Files\mozilla firefox\plugins\npNOL3_ns8_mozilla.dll
[2011-11-11 10:43:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-11-11 10:43:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-11 10:43:08 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-11 10:43:08 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-11-11 10:43:08 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-11 10:43:08 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-12-31 18:30:53 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315FF637-C0F4-465E-8754-0969183618BE}: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\alex\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-30 20:27:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-10-24 12:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 20:35:30 | 000,000,000 | ---D | M] - E:\Automap -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: wmdmpmsp - File not found

MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "WudfSvc"
MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WPFFontCache_v0400"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "Wmi"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "WMDM PMSP Service"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "WebClient"
MsConfig - Services: "W32Time"
MsConfig - Services: "VSS"
MsConfig - Services: "UPS"
MsConfig - Services: "upnphost"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TlntSvr"
MsConfig - Services: "Themes"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "SysmonLog"
MsConfig - Services: "SwPrv"
MsConfig - Services: "stisvc"
MsConfig - Services: "Steam Client Service"
MsConfig - Services: "SSDPSRV"
MsConfig - Services: "srservice"
MsConfig - Services: "Spooler"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "SENS"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "PolicyAgent"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "PlugPlay"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NwSapAgent"
MsConfig - Services: "NWCWorkstation"
MsConfig - Services: "nvUpdatusService"
MsConfig - Services: "NVSvc"
MsConfig - Services: "NtmsSvc"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "NMSAccess"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MSIServer"
MsConfig - Services: "MSDTC"
MsConfig - Services: "MozillaMaintenance"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "LmHosts"
MsConfig - Services: "LexBceS"
MsConfig - Services: "lanmanworkstation"
MsConfig - Services: "lanmanserver"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HTTPFilter"
MsConfig - Services: "HidServ"
MsConfig - Services: "helpsvc"
MsConfig - Services: "Hamachi2Svc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "GEST Service"
MsConfig - Services: "FsUsbExService"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "Eventlog"
MsConfig - Services: "ERSvc"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "Dhcp"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v4.0.30319_32"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "BITS"
MsConfig - Services: "AudioSrv"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - Services: "ALG"
MsConfig - Services: "Alerter"
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ALLUpdate - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: Gadu-Gadu 10 - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: GEST - hkey= - key= - C:\Program Files\GIGABYTE\GEST\run.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IPLA! - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: IVONA ControlCenter - hkey= - key= - C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: fsproflt - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: fsproflt - Reg Error: Value error.
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2013-01-01 18:11:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-01-01 10:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Pulpit\combo
[2012-12-31 20:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Avira
[2012-12-31 20:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Avira
[2012-12-31 20:39:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\ssmdrv.sys
[2012-12-31 20:39:53 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avipbb.sys
[2012-12-31 20:39:53 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avgntflt.sys
[2012-12-31 20:39:53 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avkmgr.sys
[2012-12-31 20:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012-12-31 20:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2012-12-31 19:25:50 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\alex\Pulpit\removaltool-win32-en.exe
[2012-12-31 18:35:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\alex\Pulpit\tdsskiller.exe
[2012-12-31 18:33:17 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\WINNT\System32\xircom
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012-12-31 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012-12-31 17:37:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-31 16:01:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-31 15:20:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-27 21:30:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\alex\Recent
[2012-12-27 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-27 21:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-24 13:43:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012-12-24 13:43:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012-12-24 13:43:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012-12-24 13:43:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012-12-24 13:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\HiJackThis
[2012-12-24 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-12-24 11:08:19 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-21 12:50:12 | 014,682,176 | ---- | C] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-20 16:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-12-20 16:28:18 | 000,412,088 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-11 15:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-12-07 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft
[2012-12-07 21:37:34 | 000,000,000 | ---D | C] -- C:\Users
[2012-12-07 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012-12-07 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2012-12-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2012-12-04 12:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012-12-03 14:03:16 | 000,000,000 | ---D | C] -- C:\Windows
[2012-12-03 14:01:42 | 000,301,504 | ---- | C] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\The KMPlayer
[2012-11-28 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2012-11-23 15:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2012-11-18 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012-11-08 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Menu Start\Programy\Fraps
[2012-11-08 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2012-11-08 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2013-01-01 18:19:08 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2013-01-01 18:17:42 | 018,612,224 | -H-- | M] () -- C:\Documents and Settings\alex\NTUSER.DAT
[2013-01-01 18:17:40 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\alex\ntuser.ini
[2013-01-01 18:14:01 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2013-01-01 18:12:55 | 000,001,058 | ---- | M] () -- C:\WINNT\win.ini
[2013-01-01 18:12:55 | 000,000,356 | ---- | M] () -- C:\WINNT\system.ini
[2013-01-01 18:12:55 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2013-01-01 18:12:24 | 000,069,720 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\62637547.png
[2012-12-31 20:40:03 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira Control Center.lnk
[2012-12-31 19:15:44 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\alex\Pulpit\removaltool-win32-en.exe
[2012-12-31 18:30:53 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2012-12-31 18:18:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\alex\Pulpit\tdsskiller.exe
[2012-12-31 16:14:18 | 000,551,997 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-31 14:15:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alex\Pulpit\OTL.exe
[2012-12-30 16:38:31 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012-12-30 16:35:29 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012-12-30 15:00:47 | 000,000,269 | ---- | M] () -- C:\WINNT\LEXSTAT.INI
[2012-12-30 14:48:58 | 000,437,660 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-29 12:03:16 | 001,262,840 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2012-12-29 12:03:16 | 000,558,466 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2012-12-29 12:03:16 | 000,495,958 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012-12-29 12:03:16 | 000,105,530 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2012-12-29 12:03:16 | 000,084,442 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012-12-28 12:32:33 | 000,000,900 | ---- | M] () -- C:\WINNT\System32\KGyGaAvL.sys
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2012-12-27 21:31:08 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2012-12-27 21:12:43 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) -- C:\WINNT\System32\drivers\sptd.sys
[2012-12-25 19:37:42 | 004,389,435 | ---- | M] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:27:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-24 11:08:24 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327_[www.programosy.pl].exe
[2012-12-22 21:16:09 | 014,682,176 | ---- | M] (DT Soft Ltd) -- D:\Moje Dokumenty\DTLite4461-0327(dobreprogramy.pl).exe
[2012-12-22 21:15:32 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-21 12:40:20 | 001,587,696 | ---- | M] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-12-21 12:38:52 | 000,496,232 | ---- | M] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-12-20 22:51:53 | 001,700,756 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-20 16:28:19 | 000,412,088 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\alex\Pulpit\Blender.exe
[2012-12-20 14:07:39 | 000,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2012-12-19 17:45:53 | 000,383,928 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-12-15 22:57:51 | 000,107,011 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:31 | 000,038,007 | ---- | M] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-11 23:37:13 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | M] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:53 | 000,003,084 | ---- | M] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:33 | 000,028,958 | ---- | M] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-06 13:57:26 | 000,129,056 | ---- | M] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2012-12-06 13:54:44 | 000,427,800 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012-12-05 23:05:38 | 000,781,782 | ---- | M] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 12:53:17 | 000,634,272 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:35:16 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2012-12-03 14:35:00 | 000,682,280 | ---- | M] () -- C:\WINNT\System32\pbsvc.exe
[2012-12-03 14:06:36 | 000,000,377 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-12-03 14:01:42 | 000,301,504 | ---- | M] (Premium) -- D:\Moje Dokumenty\DownloadSetup.exe
[2012-11-28 17:04:09 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:49 | 000,026,725 | ---- | M] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avgntflt.sys
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-11-22 16:59:17 | 000,995,059 | ---- | M] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-22 15:51:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avkmgr.sys
[2012-11-22 15:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINNT\System32\drivers\avipbb.sys
[2012-11-15 16:32:28 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-01 18:12:24 | 000,069,720 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\62637547.png
[2012-12-31 20:40:03 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira Control Center.lnk
[2012-12-31 16:22:21 | 000,551,997 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\adwcleaner.exe
[2012-12-30 14:48:03 | 000,437,660 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\sprawdzian prób ark 2011.pdf
[2012-12-27 21:56:06 | 000,002,176 | ---- | C] () -- C:\kopia rejj.reg
[2012-12-25 19:37:31 | 004,389,435 | ---- | C] () -- D:\Moje Dokumenty\DokuCraft.zip
[2012-12-24 13:43:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012-12-24 13:43:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012-12-24 13:43:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012-12-24 13:43:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012-12-24 13:43:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012-12-24 13:27:04 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.lnk
[2012-12-24 13:26:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\HiJackThis.msi
[2012-12-21 12:49:39 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\DAEMON-Tools-Lite(12708).exe
[2012-12-20 22:51:51 | 001,700,756 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\_original.jpg
[2012-12-20 16:31:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Blender.lnk
[2012-12-19 17:45:53 | 000,383,928 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\blue-sky-1330598792xLu.jpg
[2012-12-19 17:01:30 | 000,051,254 | ---- | C] () -- C:\unwrap.png
[2012-12-15 22:57:50 | 000,107,011 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\45.jpg
[2012-12-15 19:51:01 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
[2012-12-15 19:51:01 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-13 13:38:30 | 000,038,007 | ---- | C] () -- D:\Moje Dokumenty\Call.of.Duty.Black.Ops-SKIDROW-[tracker.BTARENA.org].iso.5945000.TPB.torrent
[2012-12-09 19:11:20 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012-12-07 22:01:21 | 001,696,186 | ---- | C] () -- D:\Moje Dokumenty\mcpatcher-2.4.3_04.exe
[2012-12-07 21:28:52 | 000,003,084 | ---- | C] () -- D:\Moje Dokumenty\Timber! (1.4.4).zip
[2012-12-07 11:54:23 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2012-12-06 21:18:32 | 000,028,958 | ---- | C] () -- D:\Moje Dokumenty\Dead_Island-RELOADED.6656193.TPB.torrent
[2012-12-05 23:04:27 | 000,781,782 | ---- | C] () -- D:\Moje Dokumenty\dla żonki.odt
[2012-12-04 12:53:15 | 000,634,272 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\pcp_claro.exe
[2012-12-03 14:06:35 | 000,000,377 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] Hitman Absolution- Patch SKIDROW Updated JULY-2012.rar.torrent
[2012-11-28 17:04:09 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\alex\Pulpit\KMPlayer.lnk
[2012-11-28 14:39:48 | 000,026,725 | ---- | C] () -- D:\Moje Dokumenty\[isoHunt] F9B0FD173632C73F0FA161BFECEBF4B6D75D6B7F.torrent
[2012-11-28 01:29:08 | 000,465,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-11-22 16:59:16 | 000,995,059 | ---- | C] () -- D:\Moje Dokumenty\One_Missed_Call.mp3
[2012-11-10 12:15:37 | 001,587,696 | ---- | C] () -- D:\Moje Dokumenty\SetupVirtualCloneDrive5450.exe
[2012-11-10 12:15:10 | 000,496,232 | ---- | C] () -- D:\Moje Dokumenty\Virtual-CloneDrive(12817).exe
[2012-11-08 15:27:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Audacity.lnk
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb1.bin
[2012-10-20 13:47:56 | 001,101,436 | ---- | C] () -- C:\WINNT\System32\nvdrsdb0.bin
[2012-10-20 13:47:56 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\nvdrssel.bin
[2012-10-20 13:47:28 | 002,811,988 | ---- | C] () -- C:\WINNT\System32\nvdata.data
[2012-09-22 09:49:25 | 000,682,280 | ---- | C] () -- C:\WINNT\System32\pbsvc.exe
[2012-03-15 18:09:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\troll.jpg
[2011-12-11 21:32:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\1.bmp
[2011-12-09 01:35:14 | 000,338,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-413027322-839522115-1003-0.dat
[2011-10-07 23:59:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CoD2MP_s.exe
[2011-10-07 23:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Call_of_Duty_2_1.3_MP_Server_fix.3512889.TPB.torrent
[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2011-07-28 22:18:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG4464.JPG
[2011-07-28 13:03:15 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\FsUsbExDevice.Dll
[2011-07-28 13:03:15 | 000,036,608 | ---- | C] () -- C:\WINNT\System32\FsUsbExDisk.Sys
[2011-07-28 13:03:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\$_hpcst$.hpc
[2011-07-01 01:20:32 | 000,391,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-05-29 17:54:23 | 000,088,352 | ---- | C] () -- C:\WINNT\System32\mlfcache.dat
[2011-05-12 21:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Nowy dokument sformatowany.rtf
[2011-03-31 23:06:05 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011-03-31 23:05:59 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011-03-31 23:05:58 | 000,000,590 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2011-03-31 23:05:57 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011-03-24 23:38:04 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\alex\.recently-used.xbel
[2011-01-31 13:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Zdjęcie0069.jpg
[2011-01-31 13:20:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\Obraz 045.jpg
[2011-01-15 17:20:14 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\drivers\VClone.sys
[2010-11-30 22:48:59 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2010-10-26 20:37:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1800.JPG
[2010-10-26 20:37:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1792.JPG
[2010-10-26 20:37:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1791.JPG
[2010-10-26 20:37:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\CIMG1785.JPG
[2010-08-18 22:24:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\popov- in da man of my city.mp3
[2010-07-11 19:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\DSC00371.JPG
[2010-05-22 20:07:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;49;12.JPG
[2010-05-22 20:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;48;02.JPG
[2010-05-22 20:05:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\2011-05-22 20;47;26.JPG
[2010-02-14 09:56:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\lesiu.jpg
[2009-12-01 19:54:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\alex\Dane aplikacji\PnkBstrK.sys
[2009-11-26 13:42:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\alex\bez tytułu.bmp
[2009-11-07 18:45:36 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-24 20:22:33 | 000,129,056 | ---- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-24 12:46:01 | 002,656,656 | -H-- | C] () -- C:\Documents and Settings\alex\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-24 12:41:06 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\alex\ntuser.ini
[2009-10-24 12:41:04 | 018,612,224 | -H-- | C] () -- C:\Documents and Settings\alex\NTUSER.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010-04-08 17:24:32 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010-04-16 17:09:01 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-04 01:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011-12-25 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.atanks
[2012-12-07 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\.minecraft
[2009-11-21 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\AlcaTech
[2011-01-29 12:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ashampoo
[2010-09-28 19:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Astroburn Lite
[2012-11-09 20:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Audacity
[2011-06-30 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Autodesk
[2010-01-21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011-12-28 15:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Blender Foundation
[2010-07-23 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Bricsys
[2010-12-28 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Canneverbe Limited
[2010-08-05 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Chinaweal Longteng
[2012-01-24 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Cool Record Edit Pro
[2009-10-24 20:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools
[2012-12-27 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Lite
[2011-05-06 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\DAEMON Tools Pro
[2010-05-12 22:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Expressivo
[2012-12-26 12:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\foobar2000
[2011-05-02 22:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Free Sound Recorder
[2010-04-09 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FreeAudioPack
[2012-06-24 20:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\FunnyGames
[2012-09-21 07:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Gadu-Gadu 10
[2011-10-07 17:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GameRanger
[2012-03-07 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GetRightToGo
[2009-11-23 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\GHISLER
[2011-03-24 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\gtk-2.0
[2009-11-21 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\InterTrust
[2009-10-24 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\invibes
[2013-01-01 18:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\ipla
[2011-03-01 17:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\IVONA ControlCenter
[2009-10-24 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Nowe Gadu-Gadu
[2010-02-23 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenFM
[2012-12-05 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\OpenOffice.org
[2011-03-16 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Opera
[2011-07-28 13:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PC Suite
[2010-07-19 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\PhotoFiltre
[2010-12-07 18:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\RDRM
[2011-07-28 13:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Samsung
[2012-05-04 12:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TeamViewer
[2012-12-27 21:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\TuneUp Software
[2010-05-11 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\Ulead Systems
[2012-12-27 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\uTorrent
[2011-02-07 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alex\Dane aplikacji\VDownloader
[2011-05-29 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2737A
[2009-11-21 23:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlcaTech
[2011-01-29 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-09-28 19:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astroburn Lite
[2012-07-08 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-12-28 21:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2012-03-29 20:53:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-12-27 21:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-12-08 21:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Freemake
[2010-12-07 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-12-07 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-08 15:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2011-08-10 15:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-07-28 13:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2012-12-16 12:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2012-03-29 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate
[2010-12-19 12:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio Ultimate Collection
[2010-05-11 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
[2012-12-27 21:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-12-09 10:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-08-25 21:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-12-27 21:10:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012-12-27 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Dane aplikacji\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-05-03 14:23:53 | 000,001,204 | ---- | M] () -- C:\1.txt
[2012-12-31 16:21:21 | 000,013,138 | ---- | M] () -- C:\12312012_160147.log
[2012-10-20 10:50:30 | 155,576,680 | ---- | M] (NVIDIA Corporation) -- C:\306.81-desktop-winxp-32bit-international-whql.exe
[2012-09-21 07:17:12 | 000,702,281 | ---- | M] () -- C:\a1_geog.pdf
[2012-12-31 16:27:39 | 000,026,620 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013-01-01 18:12:55 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-11 14:49:35 | 000,475,490 | ---- | M] () -- C:\cc_20101111_144910.reg
[2010-11-11 14:49:52 | 000,003,986 | ---- | M] () -- C:\cc_20101111_144946.reg
[2012-10-20 20:27:04 | 000,002,233 | ---- | M] () -- C:\CIAGI.PAS
[2012-12-31 18:33:15 | 000,062,703 | ---- | M] () -- C:\ComboFix.txt
[2009-10-24 12:38:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-24 12:49:42 | 000,000,143 | ---- | M] () -- C:\csb.log
[2012-10-20 12:33:05 | 006,081,842 | ---- | M] (Treexy ) -- C:\driver_fusion_1.2.0.exe
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-09-20 19:19:16 | 000,003,868 | ---- | M] () -- C:\KALKU.BAK
[2012-09-26 18:23:19 | 000,011,888 | ---- | M] () -- C:\KALKU.EXE
[2012-09-20 19:27:08 | 000,004,194 | ---- | M] () -- C:\KALKU.PAS
[2012-09-20 18:53:55 | 000,007,645 | ---- | M] () -- C:\KALKU.rar
[2010-07-15 18:12:56 | 000,000,000 | RHS- | M] () -- C:\khx
[2010-08-10 23:16:11 | 000,000,000 | RHS- | M] () -- C:\khy
[2012-04-22 10:28:50 | 003,523,817 | ---- | M] () -- C:\Kombii - Pokolenie pobrano z ulub_pl.mp3
[2012-12-27 21:56:06 | 000,002,176 | ---- | M] () -- C:\kopia rejj.reg
[2010-04-19 13:54:40 | 076,119,274 | ---- | M] () -- C:\kopiazapasowa.reg
[2012-10-09 21:31:31 | 000,909,662 | ---- | M] () -- C:\Kopia_zapasowa_wiz.cdr
[2012-10-02 00:03:00 | 001,314,648 | ---- | M] () -- C:\Kopia_zapasowa_yuytu.cdr
[2009-10-24 12:38:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 23:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2013-01-01 18:19:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012-10-20 17:17:52 | 000,057,344 | ---- | M] () -- C:\pascal.ppt
[2012-12-06 00:17:40 | 000,791,552 | ---- | M] () -- C:\Pascal2.ppt
[2012-02-13 21:20:12 | 150,938,644 | ---- | M] () -- C:\Pawel Presents Trance Music vol.1.mp3
[2012-06-09 09:19:34 | 004,124,453 | ---- | M] () -- C:\presents 1.mp3
[2012-01-18 20:19:29 | 000,004,976 | ---- | M] () -- C:\PROGRAMM.EXE
[2012-01-18 20:12:20 | 000,000,386 | ---- | M] () -- C:\PROGRAMM.PAS
[2009-10-24 12:48:01 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2011-07-15 10:34:26 | 252,483,264 | ---- | M] () -- C:\S7302579.AVI
[2011-07-16 20:42:20 | 000,082,433 | ---- | M] () -- C:\saac1.2.zip
[2012-12-09 19:11:36 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2013-01-01 18:03:00 | 000,000,122 | ---- | M] () -- C:\service.log
[2012-07-03 10:45:56 | 001,587,696 | ---- | M] () -- C:\SetupVirtualCloneDrive5450.exe
[2011-09-14 21:00:06 | 115,729,182 | ---- | M] () -- C:\sysisie.rar
[2011-08-24 15:22:24 | 000,096,167 | ---- | M] () -- C:\Tabela 355 z dnia 27.07.11-zamkn. 1-31.08.11.xls.pdf
[2012-10-10 20:05:18 | 000,001,358 | ---- | M] () -- C:\TABELICE.BAK
[2012-10-10 20:20:15 | 000,005,328 | ---- | M] () -- C:\TABELICE.EXE
[2012-10-10 20:20:12 | 000,001,479 | ---- | M] () -- C:\TABELICE.PAS
[2012-12-31 18:41:30 | 000,092,784 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_31.12.2012_18.35.34_log.txt
[2012-05-04 12:18:34 | 004,586,328 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup.exe
[2012-01-02 22:34:36 | 000,421,020 | ---- | M] () -- C:\untitled.blend
[2012-01-02 16:23:23 | 000,413,592 | ---- | M] () -- C:\untitled.blend1
[2012-01-02 16:15:53 | 000,413,592 | ---- | M] () -- C:\untitled.blend2
[2012-12-19 17:08:57 | 000,051,254 | ---- | M] () -- C:\unwrap.png
[2012-11-26 21:21:21 | 000,027,238 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012-10-27 13:04:22 | 000,029,962 | ---- | M] () -- C:\Wheels0079_thumbhuge.jpg
[2011-10-09 21:46:11 | 082,870,453 | ---- | M] () -- C:\Wideo030.mp4
[2011-10-09 21:49:02 | 031,052,725 | ---- | M] () -- C:\Wideo031.mp4
[2011-12-24 12:55:18 | 363,715,223 | ---- | M] () -- C:\Wigilia Klasowa 2011.rar
[2012-10-10 20:31:16 | 000,076,434 | ---- | M] () -- C:\wiz.cdr
[2012-10-12 06:36:33 | 000,181,626 | ---- | M] () -- C:\wiz12.cdr
[2012-10-02 21:09:41 | 001,314,970 | ---- | M] () -- C:\yuytu.cdr
[2012-10-09 21:39:08 | 000,013,814 | ---- | M] () -- C:\zapro.cdr
[2012-04-20 14:17:50 | 003,394,278 | ---- | M] () -- C:\[www.dloader.pl]bashunter_-_now_you_re_gone.mp3
[2012-04-20 13:51:50 | 001,599,143 | ---- | M] () -- C:\[www.dloader.pl]basshunter_-_all_i_ever_wanted.mp3

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 00:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINNT\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-05-13 16:04:48 | 016,726,349 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINNT\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINNT\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINNT\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINNT\system32\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINNT\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

< End of report >

[/log]

Ext
[log]OTL Extras logfile created on: 2013-01-01 18:22:58 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\alex\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,39% Memory free
3,85 Gb Paging File | 3,58 Gb Available in Paging File | 93,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,78 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 14,52 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive E: | 132,07 Gb Total Space | 18,82 Gb Free Space | 14,25% Space Free | Partition Type: NTFS

Computer Name: ALEX | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (2720)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65356EEA-6ABF-437B-A7C7-5AAA0C6086F2}_is1" = Minecraft Auto wersja 1.0
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1326
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.126
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Obsługa programów Apple
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALLPlayer_is1" = ALLPlayer V4.X
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4
"Elasto Mania" = Elasto Mania
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Expressivo" = Expressivo
"FL Studio 9" = FL Studio 9
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter wersja 3.0.0
"Gadu-Gadu 10" = Gadu-Gadu 10
"Hardcore" = Hardcore
"Historyczna mapa polskiej sieci kolejowej_is1" = Rail Map 2.2
"IL Download Manager" = IL Download Manager
"ImageHelper 1.01" = ImageHelper 1.01
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"ipla" = ipla 2.2.1
"IrfanView" = IrfanView (remove only)
"IVONA ControlCenter" = IVONA ControlCenter
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Lexmark 640 Series" = Lexmark 640 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia 2_is1" = Mafia 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixed In Key" = Mixed In Key 2.5
"MixVibesProducerDemo.exe" = MixVibes PRODUCER DEMO uninstall
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notowania OnLine 3.0 DM BZWBK S.A._is1" = Notowania OnLine 3.0 DM BZWBK S.A.
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"Runway Designer" = Runway Designer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"TrainzObjectz_is1" = TrainzObjectz 6.0 Build 544
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1801674531-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-29 11:58:36 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:26 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 05:22:47 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 06:58:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description =

Error - 2012-12-30 09:54:33 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 5.0.1.329, moduł powodujący
błąd acrord32.exe, wersja 5.0.1.329, adres błędu 0x0014f885.

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 10:22:22 | Computer Name = ALEX | Source = OptimizerProUpdater | ID = 0
Description =

Error - 2012-12-30 11:38:02 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description =

Error - 2012-12-31 07:32:53 | Computer Name = ALEX | Source = Avira AntiVir | ID = 4112
Description =

[ System Events ]
Error - 2012-12-31 14:19:32 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 14:19:42 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 14:20:37 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 14:22:21 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 14:22:26 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 14:22:26 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-31 14:22:40 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-31 14:23:15 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-12-31 15:21:27 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2013-01-01 05:37:19 | Computer Name = ALEX | Source = DCOM | ID = 10010
Description = Serwer {4EB61BAC-A3B6-4760-9581-655041EF4D69} nie zarejestrował się
w modelu DCOM w wymaganym czasie.


< End of report >

[/log]

One thing, though: I ran the removal twice, because the first time the report didn't pop up and I forgot that it gets saved in that folder... I've posted the log from the second removal.
