
EXPOLORER.exe - how do I get rid of it?

wirusolog

ComboFix had problems.
Post a log from OTL.

Soul_bullock

[log]

OTL logfile created on: 2013-01-31 20:45:11 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 719,25 Mb Available Physical Memory | 70,83% Memory free
2,39 Gb Paging File | 2,06 Gb Available in Paging File | 86,11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 43,80 Gb Free Space | 74,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,25 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 3,63 Gb Total Space | 3,56 Gb Free Space | 97,94% Space Free | Partition Type: FAT32

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-01-31 00:10:14 | 000,878,928 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-01-01 17:56:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piootrek\Pulpit\OTL.exe
PRC - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2006-08-02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-09 17:27:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\omepcb.dll -- (nfipqs)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2013-01-09 17:28:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006-05-25 16:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003-08-12 15:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 21:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found



[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2013-01-28 21:03:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357469666125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357470585531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C623AF4C-8D95-491C-9A29-24DCEC5B7DCF}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-30 19:58:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ojumdcjt - File not found
NetSvcs: nfipqs - C:\WINDOWS\system32\omepcb.dll File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-01-30 22:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Sun
[2013-01-30 22:31:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-01-30 22:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-29 21:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Notepad++
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-29 17:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Apache Friends
[2013-01-29 17:28:59 | 000,000,000 | ---D | C] -- C:\xampp
[2013-01-29 13:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\org. httdocs
[2013-01-29 12:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\cryingdamson 0.3.6 (8.60) V7
[2013-01-28 22:05:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-01-28 20:43:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013-01-28 20:36:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-01-28 20:36:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-01-28 20:36:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-01-28 20:36:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-01-28 20:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Narzędzia administracyjne
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje wideo
[2013-01-28 20:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-01-28 20:32:43 | 005,028,084 | R--- | C] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 19:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2
[2013-01-28 08:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Doctor Web
[2013-01-27 21:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller
[2013-01-24 20:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\skanowania
[2013-01-24 16:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2013-01-24 16:21:08 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2013-01-24 16:21:08 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013-01-24 16:21:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013-01-24 16:21:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013-01-24 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2013-01-24 12:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-24 12:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013-01-24 12:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2013-01-22 16:42:33 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2013-01-21 18:39:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-01-18 16:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Recuva
[2013-01-18 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013-01-18 15:55:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-01-18 14:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2013-01-18 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013-01-17 18:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\Nowy folder
[2013-01-14 18:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Piszę poprawnie 4
[2013-01-14 18:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pisze poprawnie 4
[2013-01-14 18:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Niezbędnik rowerzysty
[2013-01-14 18:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Niezbednik rowerzysty
[2013-01-14 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP
[2013-01-14 18:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 4 - Wczoraj i dzis
[2013-01-14 18:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Szkola podstawowa klasy 4-6
[2013-01-14 18:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa - Muzyka na ekranie
[2013-01-14 16:36:29 | 000,104,960 | ---- | C] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-01-13 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Szkola podstawowa klasa 4
[2013-01-13 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\YDP
[2013-01-13 19:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 4 - Tajemnice przyrody
[2013-01-13 13:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG
[2013-01-13 13:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG
[2013-01-13 13:33:26 | 000,054,272 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Piootrek\Moje dokumenty\setup-4.5.9.exe
[2013-01-11 22:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Identities
[2013-01-11 18:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 16:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Remere's Map Editor
[2013-01-06 16:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Remere's Map Editor
[2013-01-06 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-06 14:29:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013-01-06 13:36:53 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-01-06 13:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-06 13:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Dll-Files Fixer
[2013-01-06 13:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2013-01-06 13:09:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2013-01-06 13:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013-01-06 13:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-01-06 13:06:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013-01-06 12:48:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2013-01-06 11:31:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\PrivacIE
[2013-01-06 10:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-06 10:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Tibia + inne
[2013-01-05 22:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\WapSter
[2013-01-05 22:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[2013-01-05 22:44:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013-01-05 22:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\WapSter
[2013-01-05 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-05 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-05 19:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-05 18:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Google
[2013-01-05 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Opera
[2013-01-05 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-05 18:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 18:30:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje obrazy
[2013-01-05 18:30:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moja muzyka
[2013-01-05 18:29:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\IETldCache
[2013-01-05 18:29:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\SendTo
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Recent
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Ulubione
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Autostart
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Akcesoria
[2013-01-05 18:29:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\Cookies
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\Szablony
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\PrintHood
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\NetHood
[2013-01-05 18:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit
[2013-01-05 18:29:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne
[2013-01-05 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft
[2013-01-05 11:08:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2013-01-05 11:07:59 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2013-01-05 11:07:53 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013-01-05 08:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-01-04 15:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013-01-04 15:32:41 | 000,018,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013-01-04 15:32:31 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2013-01-04 15:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2013-01-02 15:33:53 | 000,000,000 | ---D | C] -- C:\_OTL

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-01-31 20:24:06 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-01-30 20:39:31 | 000,086,730 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-30 13:12:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-01-29 18:25:07 | 005,900,569 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-29 17:29:31 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP Control Panel.lnk
[2013-01-28 21:03:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-01-28 20:44:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013-01-28 20:33:18 | 005,028,084 | R--- | M] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 20:00:27 | 102,121,490 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-28 19:31:25 | 004,636,341 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2.rar
[2013-01-27 21:21:24 | 110,118,344 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-27 21:10:55 | 000,164,134 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller.zip
[2013-01-27 20:47:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-01-24 12:32:19 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Search the Web.url
[2013-01-24 12:32:18 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\SweetPcFix.url
[2013-01-23 14:10:15 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-19 14:08:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013-01-18 16:48:42 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-18 16:25:35 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2013-01-14 16:36:40 | 000,104,960 | ---- | M] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-01-14 15:32:59 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-01-13 13:34:12 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\ElfBot NG.lnk
[2013-01-13 13:33:40 | 000,054,272 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Piootrek\Moje dokumenty\setup-4.5.9.exe
[2013-01-13 13:33:23 | 001,858,560 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ElfCrack.exe
[2013-01-09 17:28:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-01-09 17:27:57 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-01-06 13:36:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-01-06 13:35:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dll-Files Fixer.lnk
[2013-01-06 13:26:43 | 000,501,498 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-01-06 13:26:43 | 000,088,124 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-01-06 13:26:42 | 000,442,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-01-06 13:26:42 | 000,069,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-01-06 12:49:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-01-05 22:52:08 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\AQQ.lnk
[2013-01-05 19:07:08 | 000,006,091 | ---- | M] () -- C:\WINDOWS\stsetup.htm
[2013-01-05 19:07:05 | 000,001,414 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
[2013-01-05 18:47:43 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Google Chrome.lnk
[2013-01-05 18:31:52 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Moje dokumenty.lnk
[2013-01-05 18:31:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Mój komputer.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-30 20:39:28 | 000,086,730 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:24:23 | 005,900,569 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-29 17:29:31 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP Control Panel.lnk
[2013-01-28 22:04:54 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Opera.lnk
[2013-01-28 20:44:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-01-28 20:43:49 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2013-01-28 20:36:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-01-28 20:36:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-01-28 20:36:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-01-28 20:36:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-01-28 20:36:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-01-28 19:45:48 | 102,121,490 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-28 19:30:53 | 004,636,341 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2.rar
[2013-01-27 21:10:55 | 000,164,134 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller.zip
[2013-01-27 21:07:32 | 110,118,344 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-24 12:32:19 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Search the Web.url
[2013-01-24 12:32:18 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\SweetPcFix.url
[2013-01-22 17:09:32 | 1792,917,834 | ---- | C] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-18 16:25:34 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2013-01-13 13:34:12 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\ElfBot NG.lnk
[2013-01-13 13:33:13 | 001,858,560 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ElfCrack.exe
[2013-01-06 15:01:39 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Total Video Player.lnk
[2013-01-06 13:36:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013-01-06 13:36:43 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013-01-06 13:35:57 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dll-Files Fixer.lnk
[2013-01-06 12:40:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-05 22:52:08 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\AQQ.lnk
[2013-01-05 19:07:05 | 000,001,414 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
[2013-01-05 18:34:17 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Google Chrome.lnk
[2013-01-05 18:34:05 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Tibia MULTI-IP Changer.lnk
[2013-01-05 18:31:52 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Moje dokumenty.lnk
[2013-01-05 18:31:37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Mój komputer.lnk
[2013-01-05 18:30:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Internet Explorer.lnk
[2013-01-05 18:30:08 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Outlook Express.lnk
[2013-01-05 18:29:52 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Pomoc zdalna.lnk
[2013-01-05 18:29:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Windows Media Player.lnk
[2012-12-30 20:27:43 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2012-12-30 20:27:42 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2012-12-30 20:27:42 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
[2012-12-30 20:25:34 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2012-12-30 20:20:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-30 20:19:40 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-30 20:13:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-30 20:13:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-12-30 20:13:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-12-30 20:02:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-30 19:54:47 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-31 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GG
[2012-12-31 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org
[2012-12-30 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-12-30 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
[2013-01-18 15:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2012-12-31 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-01-24 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2013-01-31 18:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-05 18:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-05 19:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< C:\*.* >[/color]
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-12-30 19:52:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013-01-28 20:44:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2013-01-28 21:11:24 | 000,007,724 | ---- | M] () -- C:\ComboFix.txt
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 000,250,624 | ---- | M] () -- C:\ntldr
[2013-01-30 13:11:39 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2013-01-02 16:07:15 | 000,173,141 | ---- | M] () -- C:\result.txt
[2013-01-27 21:02:02 | 000,130,122 | ---- | M] () -- C:\rmslt.log
[2013-01-22 17:48:31 | 000,005,970 | ---- | M] () -- C:\UsbFix.txt
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2012-12-30 19:56:04 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012-12-30 20:03:31 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012-12-31 00:28:19 | 000,000,930 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013-01-06 13:36:43 | 000,000,270 | ---- | C] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013-01-06 13:36:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job

[color=#A23BEC]< D:\*.* >[/color]
[2011-11-11 15:06:30 | 171,815,304 | ---- | M] () -- D:\ArcaSetup2011-PL-32bit.exe
[2013-01-20 10:13:16 | 000,268,288 | ---- | M] () -- D:\lineage2eu-4game.exe
[2012-06-06 18:18:50 | 001,010,176 | ---- | M] () -- D:\Runes_of_Magic_4_0_8_2506_slim_eu.exe
[2012-12-31 20:53:39 | 000,053,248 | ---- | M] (EffectMatrix Inc. ) -- D:\tvpsetup.exe

[color=#A23BEC]< E:\*.* >[/color]

[color=#A23BEC]< F:\*.* >[/color]

[color=#A23BEC]< G:\*.* >[/color]
[2013-01-28 19:31:26 | 004,636,341 | ---- | M] () -- G:\RME-v3.0-beta-2.rar
[2013-01-18 14:23:58 | 007,784,270 | ---- | M] () -- G:\cryingdamson 0.3.6 (8.60) V7.rar
[2013-01-18 14:27:42 | 002,261,051 | ---- | M] () -- G:\Source 7.0.rar

[color=#A23BEC]< H:\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-05 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-24 12:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-30 22:31:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-30 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-05 19:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-06 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

[color=#A23BEC]< %SYSTEMDRIVE%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\erdnt\cache\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006-10-25 17:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) MD5=38B1F04FF8875575D5E43FEB5931D7E2 -- C:\_OTL\MovedFiles\01022013_153353\C_WINDOWS\system32\EXPLORER.EXE

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2004-08-03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\drivers\ntfs.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2004-08-03 23:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AB82237486B727DD7DAB36A76F38A3A2 -- C:\WINDOWS\system32\ws2_32.dll

[color=#A23BEC]< %systemroot%\system32\kernel32.dll /md5 >[/color]
[2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) MD5=578BB2F44597CB53451DED99013573F3 -- C:\WINDOWS\system32\kernel32.dll

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\WINDOWS\system32\user32.dll

[color=#A23BEC]< %systemroot%\Tasks\*.* /lockedfiles >[/color]

[color=#E56717]========== Restore Points Found ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B

< End of report >
[/log]

[log]

 

OTL Extras logfile created on: 2013-01-31 20:45:11 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 719,25 Mb Available Physical Memory | 70,83% Memory free
2,39 Gb Paging File | 2,06 Gb Available in Paging File | 86,11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 43,80 Gb Free Space | 74,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,25 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 3,63 Gb Total Space | 3,56 Gb Free Space | 97,94% Space Free | Partition Type: FAT32

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.G4EHL74QSLVOMH4CVX3CGXCZ5U] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2729:TCP" = 2729:TCP:*:Enabled:kffmn
"50000:TCP" = 50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)
"50001:TCP" = 50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ -- (AQQ Sp. z o.o.)
"C:\UsbFix\Go.exe" = C:\UsbFix\Go.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\igfxtray.exe" = C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Program Files\Tibia\Tibia.exe" = C:\Program Files\Tibia\Tibia.exe:*:Enabled:ipsec -- (CipSoft GmbH)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe" = C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe:*:Enabled:ipsec -- (Asprate)
"C:\WINDOWS\SOUNDMAN.EXE" = C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
"C:\WINDOWS\system32\hkcmd.exe" = C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Documents and Settings\Piootrek\Pulpit\OTL.exe" = C:\Documents and Settings\Piootrek\Pulpit\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0FE292-E7D0-4938-AA41-E6E5F72D21BC}" = Remere's Map Editor
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4849E74C-3408-467A-AF8B-F3DEC3C07542}" = Niezbędnik rowerzysty
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AQQ" = WapSter AQQ
"Dll-Files Fixer_is1" = Dll-Files Fixer
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ElfBot NG_is1" = ElfBot NG 4.5.9
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Notepad++" = Notepad++
"Opera 12.13.1734" = Opera 12.13
"RealAlt_is1" = Real Alternative 2.0.2
"Recuva" = Recuva
"StmAdsl" = ADSL Modem
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Usbfix" = UsbFix By El Desaparecido
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"xampp" = XAMPP 1.8.1

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-01-19 09:34:41 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-20 04:08:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 10:54:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:06:01 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:32:34 | Computer Name = PIOTREK | Source = EventSystem | ID = 4618
Description = System zdarzeń modelu COM+ spowodował nieoczekiwane naruszenie praw
dostępu 0x774E2E03, próbując uzyskać dostęp do adresu 0x00000018. Skontaktuj się
z Pomocą techniczną firmy Microsoft i zgłoś ten błąd. ole32!StringFromGUID2+0x109
ole32!StringFromGUID2+0x98
ole32!CoMarshalInterface+0x658
ole32!CoMarshalInterface+0x7d2
RPCRT4!IUnknown_Release_Proxy+0x11
es!DllGetClassObject+0x33ca
es!DllGetClassObject+0x3b06
msmsgs!+0x105991
msvcrt!_cexit+0xf
ntdll!LdrInitializeThunk+0x29
ntdll!LdrShutdownProcess+0x142
kernel32!IsValidLocale+0x8eb
kernel32!ExitProcess+0x14
kernel32!FindAtomW+0x112a

Error - 2013-01-21 13:43:12 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 3.1.4000.1823, moduł
powodujący błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-01-29 12:15:16 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 12:17:10 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 15:19:35 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x0006a93a.

Error - 2013-01-29 16:25:56 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x00060911.

[ System Events ]
Error - 2013-01-24 12:06:21 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%1114

Error - 2013-01-24 12:46:20 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-24 15:46:09 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-27 15:53:25 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460


< End of report >
[/log]

wirusolog

1. Run OTL, paste the following into the Custom Scans/Fixes section, and click [b]Run Fix[/b]:

:OTL
NetSvcs: ojumdcjt - File not found
NetSvcs: nfipqs - C:\WINDOWS\system32\omepcb.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/..._4_0_03-win.cab (Reg Error: Value error.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
DRV - File not found [Kernel | On_Demand Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\omepcb.dll -- (nfipqs)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)

:Files
C:\WINDOWS\tasks\*.job
netsh firewall reset /C

:Commands
[emptytemp]
Edited by wirusolog
Soul_bullock

Report

[log]

All processes killed
========== OTL ==========
ojumdcjt removed from NetSvcs value successfully!
nfipqs removed from NetSvcs value successfully!
Service nfipqs stopped successfully!
Service nfipqs deleted successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service PCAMPR5 stopped successfully!
Service PCAMPR5 deleted successfully!
File C:\WINDOWS\system32\PCAMPR5.SYS not found.
Error: No service named nfipqs was found to stop!
Service\Driver key nfipqs not found.
File C:\WINDOWS\system32\omepcb.dll not found.
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
File C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc not found.
Service gupdate stopped successfully!
Service gupdate deleted successfully!
File C:\Program Files\Google\Update\GoogleUpdate.exe /svc not found.
========== FILES ==========
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job moved successfully.
C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job moved successfully.
[color=#A23BEC]< netsh firewall reset /C >[/color]
Ok.
C:\Documents and Settings\Piootrek\Pulpit\cmd.bat deleted successfully.
C:\Documents and Settings\Piootrek\Pulpit\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Google Chrome cache emptied: 14776186 bytes
->Opera cache emptied: 49056592 bytes
->Flash cache emptied: 7880 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kuba
->Temp folder emptied: 349293 bytes
->Temporary Internet Files folder emptied: 77045 bytes
->Opera cache emptied: 50004674 bytes
->Flash cache emptied: 39053 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Piootrek
->Temp folder emptied: 3070746 bytes
->Temporary Internet Files folder emptied: 192798 bytes
->Google Chrome cache emptied: 351439367 bytes
->Opera cache emptied: 49921099 bytes
->Flash cache emptied: 3137 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 495,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012013_174630

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
[/log]

What next? Will I have to use ComboFix again?

wirusolog

Show new logs from OTL.

  • 2 weeks later...
Soul_bullock

[log]OTL logfile created on: 2013-02-01 21:52:24 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 707,59 Mb Available Physical Memory | 69,68% Memory free
2,39 Gb Paging File | 2,07 Gb Available in Paging File | 86,45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 44,08 Gb Free Space | 75,23% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,25 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 3,63 Gb Total Space | 3,56 Gb Free Space | 97,94% Space Free | Partition Type: FAT32

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-01-31 00:10:14 | 000,878,928 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-01-01 17:56:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piootrek\Pulpit\OTL.exe
PRC - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-08-18 11:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2006-08-02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-01-09 17:27:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012-09-17 11:05:12 | 000,025,088 | ---- | M] () -- C:\xampp\php\php5apache2_4.dll
MOD - [2012-06-18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012-04-04 17:47:22 | 000,108,032 | ---- | M] () -- C:\xampp\apache\bin\pcre.dll
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-01-09 17:28:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006-05-25 16:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003-08-12 15:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 21:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2013-01-28 21:03:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357469666125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357470585531 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C623AF4C-8D95-491C-9A29-24DCEC5B7DCF}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-30 19:58:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: hidserv - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: wmdmpmsp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013-02-01 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\MegaEvo by Help3R_Ichtio
[2013-01-30 22:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Sun
[2013-01-30 22:31:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-01-30 22:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-29 21:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Notepad++
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-29 17:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Apache Friends
[2013-01-29 17:28:59 | 000,000,000 | ---D | C] -- C:\xampp
[2013-01-29 13:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\org. httdocs
[2013-01-29 12:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\cryingdamson 0.3.6 (8.60) V7
[2013-01-28 22:05:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-01-28 20:43:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013-01-28 20:36:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-01-28 20:36:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-01-28 20:36:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-01-28 20:36:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-01-28 20:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Narzędzia administracyjne
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje wideo
[2013-01-28 20:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-01-28 20:32:43 | 005,028,084 | R--- | C] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 19:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2
[2013-01-28 08:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Doctor Web
[2013-01-27 21:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller
[2013-01-24 20:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\skanowania
[2013-01-24 16:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2013-01-24 16:21:08 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2013-01-24 16:21:08 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013-01-24 16:21:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013-01-24 16:21:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013-01-24 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2013-01-24 12:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-24 12:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013-01-24 12:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2013-01-22 16:42:33 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2013-01-21 18:39:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-01-18 16:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Recuva
[2013-01-18 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013-01-18 15:55:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-01-18 14:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2013-01-18 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013-01-17 18:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\Nowy folder
[2013-01-14 18:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Piszę poprawnie 4
[2013-01-14 18:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Pisze poprawnie 4
[2013-01-14 18:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Niezbędnik rowerzysty
[2013-01-14 18:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Niezbednik rowerzysty
[2013-01-14 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP
[2013-01-14 18:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 4 - Wczoraj i dzis
[2013-01-14 18:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Szkola podstawowa klasy 4-6
[2013-01-14 18:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa - Muzyka na ekranie
[2013-01-14 16:36:29 | 000,104,960 | ---- | C] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-01-13 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Szkola podstawowa klasa 4
[2013-01-13 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\YDP
[2013-01-13 19:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 4 - Tajemnice przyrody
[2013-01-13 13:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG
[2013-01-13 13:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG
[2013-01-13 13:33:26 | 000,054,272 | ---- | C] (NGSoft, LLC ) -- C:\Documents and Settings\Piootrek\Moje dokumenty\setup-4.5.9.exe
[2013-01-11 22:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Identities
[2013-01-11 18:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 16:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Remere's Map Editor
[2013-01-06 16:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Remere's Map Editor
[2013-01-06 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-06 14:29:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013-01-06 13:36:53 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-01-06 13:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-06 13:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Dll-Files Fixer
[2013-01-06 13:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2013-01-06 13:09:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2013-01-06 13:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013-01-06 13:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-01-06 13:06:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013-01-06 12:48:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2013-01-06 11:31:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\PrivacIE
[2013-01-06 10:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-06 10:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Tibia + inne
[2013-01-05 22:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\WapSter
[2013-01-05 22:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[2013-01-05 22:44:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013-01-05 22:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\WapSter
[2013-01-05 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-05 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-05 19:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-05 18:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Google
[2013-01-05 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Opera
[2013-01-05 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-05 18:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 18:30:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje obrazy
[2013-01-05 18:30:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moja muzyka
[2013-01-05 18:29:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\IETldCache
[2013-01-05 18:29:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\SendTo
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Recent
[2013-01-05 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Ulubione
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Autostart
[2013-01-05 18:29:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Akcesoria
[2013-01-05 18:29:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\Cookies
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\Szablony
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\PrintHood
[2013-01-05 18:29:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\NetHood
[2013-01-05 18:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit
[2013-01-05 18:29:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne
[2013-01-05 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft
[2013-01-05 11:08:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2013-01-05 11:07:59 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2013-01-05 11:07:53 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013-01-05 08:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-01-04 15:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013-01-04 15:32:41 | 000,018,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013-01-04 15:32:31 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2013-01-04 15:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL

========== Files - Modified Within 30 Days ==========

[2013-02-01 17:49:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-01 12:04:59 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Skrót do TheForgottenServer8.60V3.lnk
[2013-02-01 10:09:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-01-30 20:39:31 | 000,086,730 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:25:52 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-01-29 18:25:07 | 005,900,569 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-29 17:29:31 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP Control Panel.lnk
[2013-01-28 21:03:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-01-28 20:44:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013-01-28 20:33:18 | 005,028,084 | R--- | M] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 20:00:27 | 102,121,490 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-28 19:31:25 | 004,636,341 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2.rar
[2013-01-27 21:21:24 | 110,118,344 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-27 21:10:55 | 000,164,134 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller.zip
[2013-01-24 12:32:19 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Search the Web.url
[2013-01-24 12:32:18 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\SweetPcFix.url
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-18 16:48:42 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-18 16:25:35 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2013-01-14 16:36:40 | 000,104,960 | ---- | M] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-01-14 15:32:59 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-01-13 13:34:12 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\ElfBot NG.lnk
[2013-01-13 13:33:40 | 000,054,272 | ---- | M] (NGSoft, LLC ) -- C:\Documents and Settings\Piootrek\Moje dokumenty\setup-4.5.9.exe
[2013-01-13 13:33:23 | 001,858,560 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ElfCrack.exe
[2013-01-09 17:28:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-01-09 17:27:57 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-01-06 13:36:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013-01-06 13:35:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dll-Files Fixer.lnk
[2013-01-06 13:26:43 | 000,501,498 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-01-06 13:26:43 | 000,088,124 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-01-06 13:26:42 | 000,442,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-01-06 13:26:42 | 000,069,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-01-06 12:49:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-01-05 22:52:08 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\AQQ.lnk
[2013-01-05 19:07:08 | 000,006,091 | ---- | M] () -- C:\WINDOWS\stsetup.htm
[2013-01-05 19:07:05 | 000,001,414 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
[2013-01-05 18:47:43 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Google Chrome.lnk
[2013-01-05 18:31:52 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Moje dokumenty.lnk
[2013-01-05 18:31:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Mój komputer.lnk

========== Files Created - No Company Name ==========

[2013-02-01 19:52:58 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-02-01 12:04:59 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Skrót do TheForgottenServer8.60V3.lnk
[2013-01-30 20:39:28 | 000,086,730 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:24:23 | 005,900,569 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-29 17:29:31 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP Control Panel.lnk
[2013-01-28 22:04:54 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Opera.lnk
[2013-01-28 20:44:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-01-28 20:43:49 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2013-01-28 20:36:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-01-28 20:36:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-01-28 20:36:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-01-28 20:36:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-01-28 20:36:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-01-28 19:45:48 | 102,121,490 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-28 19:30:53 | 004,636,341 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2.rar
[2013-01-27 21:10:55 | 000,164,134 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller.zip
[2013-01-27 21:07:32 | 110,118,344 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-24 12:32:19 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Search the Web.url
[2013-01-24 12:32:18 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\SweetPcFix.url
[2013-01-22 17:09:32 | 1792,917,834 | ---- | C] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-18 16:25:34 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2013-01-13 13:34:12 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\ElfBot NG.lnk
[2013-01-13 13:33:13 | 001,858,560 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ElfCrack.exe
[2013-01-06 15:01:39 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Total Video Player.lnk
[2013-01-06 13:35:57 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dll-Files Fixer.lnk
[2013-01-06 12:40:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-05 22:52:08 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\AQQ.lnk
[2013-01-05 19:07:05 | 000,001,414 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
[2013-01-05 18:34:17 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Google Chrome.lnk
[2013-01-05 18:34:05 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Tibia MULTI-IP Changer.lnk
[2013-01-05 18:31:52 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Moje dokumenty.lnk
[2013-01-05 18:31:37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Mój komputer.lnk
[2013-01-05 18:30:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Internet Explorer.lnk
[2013-01-05 18:30:08 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Outlook Express.lnk
[2013-01-05 18:29:52 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Pomoc zdalna.lnk
[2013-01-05 18:29:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Windows Media Player.lnk
[2012-12-30 20:27:43 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2012-12-30 20:27:42 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2012-12-30 20:27:42 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
[2012-12-30 20:25:34 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2012-12-30 20:20:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-30 20:19:40 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-30 20:13:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-30 20:13:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-12-30 20:13:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-12-30 20:02:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-30 19:54:47 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-12-31 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GG
[2012-12-31 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org
[2012-12-30 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-12-30 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
[2013-01-18 15:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2012-12-31 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-01-24 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM
[2013-02-01 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-05 18:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-05 19:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

========== Purity Check ==========



========== Custom Scans ==========

< C:\*.* >
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-12-30 19:52:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013-01-28 20:44:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2013-01-28 21:11:24 | 000,007,724 | ---- | M] () -- C:\ComboFix.txt
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 000,250,624 | ---- | M] () -- C:\ntldr
[2013-02-01 17:49:00 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2013-01-02 16:07:15 | 000,173,141 | ---- | M] () -- C:\result.txt
[2013-01-27 21:02:02 | 000,130,122 | ---- | M] () -- C:\rmslt.log
[2013-01-22 17:48:31 | 000,005,970 | ---- | M] () -- C:\UsbFix.txt
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2012-12-30 19:56:04 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012-12-30 20:03:31 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< D:\*.* >
[2011-11-11 15:06:30 | 171,815,304 | ---- | M] () -- D:\ArcaSetup2011-PL-32bit.exe
[2013-01-20 10:13:16 | 000,268,288 | ---- | M] () -- D:\lineage2eu-4game.exe
[2012-06-06 18:18:50 | 001,010,176 | ---- | M] () -- D:\Runes_of_Magic_4_0_8_2506_slim_eu.exe
[2012-12-31 20:53:39 | 000,053,248 | ---- | M] (EffectMatrix Inc. ) -- D:\tvpsetup.exe

< E:\*.* >

< F:\*.* >

< G:\*.* >
[2013-01-28 19:31:26 | 004,636,341 | ---- | M] () -- G:\RME-v3.0-beta-2.rar
[2013-01-18 14:23:58 | 007,784,270 | ---- | M] () -- G:\cryingdamson 0.3.6 (8.60) V7.rar
[2013-01-18 14:27:42 | 002,261,051 | ---- | M] () -- G:\Source 7.0.rar

< H:\*.* >

< %ALLUSERSPROFILE%\Application Data\*. >

< %APPDATA%\*. >
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-05 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-24 12:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-30 22:31:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-30 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-05 19:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-06 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

< %SYSTEMDRIVE%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EXPLORER.EXE >
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\erdnt\cache\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006-10-25 17:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) MD5=38B1F04FF8875575D5E43FEB5931D7E2 -- C:\_OTL\MovedFiles\01022013_153353\C_WINDOWS\system32\EXPLORER.EXE

< MD5 for: NTFS.SYS >
[2004-08-03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SVCHOST.EXE >
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\system32\ws2_32.dll /md5 >
[2004-08-03 23:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AB82237486B727DD7DAB36A76F38A3A2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\kernel32.dll /md5 >
[2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) MD5=578BB2F44597CB53451DED99013573F3 -- C:\WINDOWS\system32\kernel32.dll

< %systemroot%\system32\user32.dll /md5 >
[2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\Tasks\*.* /lockedfiles >

========== Restore Points Found ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B

< End of report >
[/log]

[log]

OTL Extras logfile created on: 2013-02-01 21:52:24 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 707,59 Mb Available Physical Memory | 69,68% Memory free
2,39 Gb Paging File | 2,07 Gb Available in Paging File | 86,45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 44,08 Gb Free Space | 75,23% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,25 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 3,63 Gb Total Space | 3,56 Gb Free Space | 97,94% Space Free | Partition Type: FAT32

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.G4EHL74QSLVOMH4CVX3CGXCZ5U] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe" = D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe:*:Enabled:The Forgotten Server -- (OtLand.net)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0FE292-E7D0-4938-AA41-E6E5F72D21BC}" = Remere's Map Editor
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4849E74C-3408-467A-AF8B-F3DEC3C07542}" = Niezbędnik rowerzysty
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AQQ" = WapSter AQQ
"Dll-Files Fixer_is1" = Dll-Files Fixer
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ElfBot NG_is1" = ElfBot NG 4.5.9
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Notepad++" = Notepad++
"Opera 12.13.1734" = Opera 12.13
"RealAlt_is1" = Real Alternative 2.0.2
"Recuva" = Recuva
"StmAdsl" = ADSL Modem
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Usbfix" = UsbFix By El Desaparecido
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"xampp" = XAMPP 1.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-01-19 09:34:41 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-20 04:08:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 10:54:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:06:01 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:32:34 | Computer Name = PIOTREK | Source = EventSystem | ID = 4618
Description = System zdarzeń modelu COM+ spowodował nieoczekiwane naruszenie praw
dostępu 0x774E2E03, próbując uzyskać dostęp do adresu 0x00000018. Skontaktuj się
z Pomocą techniczną firmy Microsoft i zgłoś ten błąd. ole32!StringFromGUID2+0x109
ole32!StringFromGUID2+0x98
ole32!CoMarshalInterface+0x658
ole32!CoMarshalInterface+0x7d2
RPCRT4!IUnknown_Release_Proxy+0x11
es!DllGetClassObject+0x33ca
es!DllGetClassObject+0x3b06
msmsgs!+0x105991
msvcrt!_cexit+0xf
ntdll!LdrInitializeThunk+0x29
ntdll!LdrShutdownProcess+0x142
kernel32!IsValidLocale+0x8eb
kernel32!ExitProcess+0x14
kernel32!FindAtomW+0x112a

Error - 2013-01-21 13:43:12 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 3.1.4000.1823, moduł
powodujący błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-01-29 12:15:16 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 12:17:10 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 15:19:35 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x0006a93a.

Error - 2013-01-29 16:25:56 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x00060911.

[ System Events ]
Error - 2013-01-24 12:06:21 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%1114

Error - 2013-01-24 12:46:20 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-24 15:46:09 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-27 15:53:25 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460


< End of report >
[/log]

 

Bump

Bumping...

//Edit: Blue screens are appearing, and often after system startup a message appears saying that Windows has recovered from a serious error... is anyone able to look into this?...

Bumping x2...

Edited by Soul_bullock
Natsuki Kuga
comment

Show new logs from OTL, because these are already a bit too old; add a log from Gmer as well.

Pack the folder [b]C:\WINDOWS\Minidump[/b] into an archive and upload it to some server.

Soul_bullock
comment (edited)

OTL

[log]

OTL logfile created on: 2013-02-16 15:57:07 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 621,29 Mb Available Physical Memory | 61,18% Memory free
2,39 Gb Paging File | 2,00 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 39,97 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,20 Gb Free Space | 94,63% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-06 11:42:39 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-01-01 17:56:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piootrek\Pulpit\OTL.exe
PRC - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2006-08-02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-01-09 17:27:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012-06-18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-02-01 19:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 17:28:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-11-09 15:33:32 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012-11-09 15:33:32 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012-11-09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-11-09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012-11-09 15:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-11-09 15:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006-05-25 16:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003-08-12 15:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 21:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://fr.msn.com/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-02-11 18:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-02-12 19:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla\Extensions
[2013-02-11 18:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-02-01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-02-01 21:08:18 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-01 21:08:18 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-01 21:08:18 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-01 21:08:18 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-01 21:08:18 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-01 21:08:18 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2013-01-28 21:03:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357469666125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357470585531 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C623AF4C-8D95-491C-9A29-24DCEC5B7DCF}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-30 19:58:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: hidserv - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: wmdmpmsp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013-02-13 15:59:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013-02-12 19:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Mozilla
[2013-02-12 19:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla
[2013-02-11 18:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2013-02-11 18:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-02-11 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-02-10 17:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267
[2013-02-10 16:25:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Recent
[2013-02-10 13:14:52 | 001,269,804 | ---- | C] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-02-10 13:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\xplore_symbian_lcg_1_52
[2013-02-10 12:53:20 | 000,384,680 | ---- | C] (Softonic ) -- C:\Documents and Settings\Piootrek\Pulpit\SoftonicDownloader_dla_x-plore.exe
[2013-02-09 20:14:11 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013-02-09 16:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\htdocs
[2013-02-09 16:00:28 | 000,000,000 | ---D | C] -- C:\VisumGOLD
[2013-02-09 14:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\B1E
[2013-02-09 14:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-02-09 11:40:10 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2013-02-09 11:40:08 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2013-02-09 11:40:05 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2013-02-09 11:40:02 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2013-02-09 11:39:59 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2013-02-09 11:39:57 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2013-02-09 11:39:57 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2013-02-09 11:39:57 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2013-02-09 11:39:57 | 000,018,560 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2013-02-09 11:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Phoenix
[2013-02-09 11:21:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-02-09 10:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RM-540
[2013-02-08 22:31:02 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\winusb.sys
[2013-02-08 22:31:02 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winusb.dll
[2013-02-08 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Symbian-Toys.com
[2013-02-08 21:05:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013-02-08 21:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Phone Browser
[2013-02-08 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013-02-08 20:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-02-08 20:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2013-02-08 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2013-02-08 16:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Adobe
[2013-02-08 16:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-02-08 16:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-02-08 16:24:48 | 031,668,120 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Piootrek\Moje dokumenty\AdbeRdr950_pl_PL.exe
[2013-02-08 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6
[2013-02-08 11:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Apache Friends
[2013-02-08 11:50:33 | 000,000,000 | ---D | C] -- C:\xampp
[2013-02-08 11:12:59 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2013-02-08 11:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013-02-08 10:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\soul
[2013-02-07 19:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2013-02-07 19:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2013-02-07 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013-02-07 19:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2013-02-07 17:46:30 | 324,204,808 | ---- | C] (Nero AG) -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nero-12.0.03400_trial.exe
[2013-02-07 14:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\database
[2013-02-06 11:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2013-02-06 11:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-02-06 11:12:22 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Piootrek\Moje dokumenty\ccsetup327.exe
[2013-02-04 17:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-02-02 14:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\Elfbot 8.50 - Crack
[2013-02-02 12:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tiberna
[2013-02-02 12:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tiberna
[2013-02-01 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\MegaEvo by Help3R_Ichtio
[2013-01-30 22:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Sun
[2013-01-30 22:31:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-01-30 22:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Notepad++
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-29 13:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\org. httdocs
[2013-01-28 22:05:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-01-28 20:43:41 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013-01-28 20:36:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-01-28 20:36:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-01-28 20:36:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-01-28 20:36:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-01-28 20:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Narzędzia administracyjne
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje wideo
[2013-01-28 20:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-01-28 20:32:43 | 005,030,592 | ---- | C] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 19:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2
[2013-01-28 08:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Doctor Web
[2013-01-27 21:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller
[2013-01-24 16:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2013-01-24 16:21:08 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2013-01-24 16:21:08 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013-01-24 16:21:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013-01-24 16:21:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013-01-24 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2013-01-24 12:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-22 16:42:33 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2013-01-21 18:39:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-01-18 16:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Recuva
[2013-01-18 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013-01-18 15:55:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-01-18 14:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2013-01-18 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-02-16 15:26:49 | 000,046,534 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Minidump.rar
[2013-02-16 13:47:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-15 15:16:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-02-11 18:00:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-02-10 17:30:37 | 027,114,436 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267.tar.gz
[2013-02-10 13:14:52 | 001,269,804 | ---- | M] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-02-10 12:53:20 | 000,384,680 | ---- | M] (Softonic ) -- C:\Documents and Settings\Piootrek\Pulpit\SoftonicDownloader_dla_x-plore.exe
[2013-02-09 20:14:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013-02-09 20:14:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-02-09 14:49:50 | 011,586,909 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\gesior acc 0.3.6.rar
[2013-02-09 13:44:26 | 000,058,917 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa2.JPG
[2013-02-09 13:41:46 | 000,036,672 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa.JPG
[2013-02-09 12:58:59 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-02-09 11:44:59 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Phoenix.lnk
[2013-02-08 21:17:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2013-02-08 21:06:25 | 005,030,592 | ---- | M] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-02-08 20:59:48 | 001,203,896 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\nokia-connectivity-cable-driver.exe
[2013-02-08 16:29:01 | 031,668,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Piootrek\Moje dokumenty\AdbeRdr950_pl_PL.exe
[2013-02-08 16:20:33 | 056,854,589 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Visum Gold (8.60).rar
[2013-02-08 16:03:25 | 009,230,278 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6.rar
[2013-02-08 11:51:04 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP CP.lnk
[2013-02-08 11:05:17 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\RME.lnk
[2013-02-07 20:04:15 | 007,840,768 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nokia_Connectivity_Cable_Driver_pol.msi
[2013-02-07 19:51:31 | 000,000,256 | ---- | M] () -- C:\dk2.mem
[2013-02-07 18:28:00 | 324,204,808 | ---- | M] (Nero AG) -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nero-12.0.03400_trial.exe
[2013-02-06 11:17:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-02-06 11:12:56 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Piootrek\Moje dokumenty\ccsetup327.exe
[2013-02-05 11:49:05 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\userInit.dll
[2013-02-04 19:55:31 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-02-04 18:59:29 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Tiberna.exe.lnk
[2013-02-01 12:04:59 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\TFS.lnk
[2013-01-30 20:39:31 | 000,086,730 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:25:52 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-01-29 18:25:07 | 005,900,569 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-28 21:03:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-01-28 20:44:01 | 000,000,327 | ---- | M] () -- C:\boot.ini
[2013-01-28 20:00:27 | 102,121,490 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-27 21:21:24 | 110,118,344 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-18 16:48:42 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-18 16:25:35 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-02-16 15:26:49 | 000,046,534 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Minidump.rar
[2013-02-11 18:00:26 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-02-11 18:00:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2013-02-10 17:26:26 | 027,114,436 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267.tar.gz
[2013-02-09 20:14:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013-02-09 20:14:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-02-09 14:47:25 | 011,586,909 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\gesior acc 0.3.6.rar
[2013-02-09 13:44:25 | 000,058,917 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa2.JPG
[2013-02-09 13:41:46 | 000,036,672 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa.JPG
[2013-02-09 11:44:59 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Phoenix.lnk
[2013-02-08 20:59:44 | 001,203,896 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\nokia-connectivity-cable-driver.exe
[2013-02-08 16:33:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2013-02-08 16:33:47 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk
[2013-02-08 16:10:26 | 056,854,589 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Visum Gold (8.60).rar
[2013-02-08 16:02:10 | 009,230,278 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6.rar
[2013-02-08 11:51:04 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP CP.lnk
[2013-02-08 11:05:17 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\RME.lnk
[2013-02-07 20:03:17 | 007,840,768 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nokia_Connectivity_Cable_Driver_pol.msi
[2013-02-07 19:51:31 | 000,000,256 | ---- | C] () -- C:\dk2.mem
[2013-02-06 11:17:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-02-04 12:47:05 | 000,002,403 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Tiberna.exe.lnk
[2013-02-03 10:11:38 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2013-02-01 19:52:58 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-02-01 12:04:59 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\TFS.lnk
[2013-01-30 20:39:28 | 000,086,730 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:24:23 | 005,900,569 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-28 22:04:54 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Opera.lnk
[2013-01-28 20:44:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-01-28 20:43:49 | 000,262,400 | ---- | C] () -- C:\cmldr
[2013-01-28 20:36:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-01-28 20:36:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-01-28 20:36:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-01-28 20:36:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-01-28 20:36:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-01-28 19:45:48 | 102,121,490 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-27 21:07:32 | 110,118,344 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-22 17:09:32 | 1792,917,834 | ---- | C] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-18 16:25:34 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Recuva.lnk
[2013-01-06 12:40:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-30 20:27:43 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2012-12-30 20:27:42 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2012-12-30 20:27:42 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
[2012-12-30 20:25:34 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2012-12-30 20:20:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-30 20:19:40 | 000,127,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-30 20:13:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-30 20:13:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-12-30 20:13:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-12-30 20:02:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-30 19:54:47 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:21:32 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-12-31 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GG
[2012-12-31 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org
[2012-12-30 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-12-30 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
[2013-01-18 15:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2013-02-09 11:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2012-12-31 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-02-09 11:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2013-02-08 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2013-02-04 17:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-05 18:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-02-09 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-02-08 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-02-04 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

========== Purity Check ==========



========== Custom Scans ==========

< C:\*.* >
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-12-30 19:52:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013-01-28 20:44:01 | 000,000,327 | ---- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2013-01-28 21:11:24 | 000,007,724 | ---- | M] () -- C:\ComboFix.txt
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013-02-07 19:51:31 | 000,000,256 | ---- | M] () -- C:\dk2.mem
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 000,250,624 | ---- | M] () -- C:\ntldr
[2013-02-16 13:47:46 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2013-01-02 16:07:15 | 000,173,141 | ---- | M] () -- C:\result.txt
[2013-01-27 21:02:02 | 000,130,122 | ---- | M] () -- C:\rmslt.log
[2013-02-10 13:26:27 | 000,005,995 | ---- | M] () -- C:\UsbFix.txt
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2012-12-30 19:56:04 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012-12-30 20:03:31 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< D:\*.* >
[2011-11-11 15:06:30 | 171,815,304 | ---- | M] () -- D:\ArcaSetup2011-PL-32bit.exe
[2012-12-31 20:53:39 | 000,053,248 | ---- | M] (EffectMatrix Inc. ) -- D:\tvpsetup.exe

< E:\*.* >
[2013-02-11 19:25:34 | 000,009,162 | ---- | M] () -- E:\firestorm.txt

< F:\*.* >

< G:\*.* >

< H:\*.* >

< %ALLUSERSPROFILE%\Application Data\*. >

< %APPDATA%\*. >
[2013-02-08 16:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-02-09 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-05 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-24 12:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-02-08 22:29:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-02-12 19:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-02-08 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-30 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-02-04 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-06 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

< %SYSTEMDRIVE%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EXPLORER.EXE >
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\erdnt\cache\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006-10-25 17:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) MD5=38B1F04FF8875575D5E43FEB5931D7E2 -- C:\_OTL\MovedFiles\01022013_153353\C_WINDOWS\system32\EXPLORER.EXE

< MD5 for: NTFS.SYS >
[2004-08-03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SVCHOST.EXE >
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\system32\ws2_32.dll /md5 >
[2004-08-03 23:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AB82237486B727DD7DAB36A76F38A3A2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\kernel32.dll /md5 >
[2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) MD5=578BB2F44597CB53451DED99013573F3 -- C:\WINDOWS\system32\kernel32.dll

< %systemroot%\system32\user32.dll /md5 >
[2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\Tasks\*.* /lockedfiles >

========== Restore Points Found ==========

< End of report >

[/log]

Extras

[log]

 

OTL Extras logfile created on: 2013-02-16 15:57:07 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 621,29 Mb Available Physical Memory | 61,18% Memory free
2,39 Gb Paging File | 2,00 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 39,97 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,20 Gb Free Space | 94,63% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.G4EHL74QSLVOMH4CVX3CGXCZ5U] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe" = D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Nokia\Phoenix\phoenix.exe" = C:\Program Files\Nokia\Phoenix\phoenix.exe:*:Enabled:Phoenix Application -- (Nokia)
"C:\Program Files\Common Files\Nokia\Fuse\FuseService.exe" = C:\Program Files\Common Files\Nokia\Fuse\FuseService.exe:*:Enabled:Fuse Service -- (Nokia)
"C:\vXampp\apache\bin\httpd.exe" = C:\vXampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\vXampp\mysql\bin\mysqld.exe" = C:\vXampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\VisumGOLD\VisumGOLD.exe" = C:\VisumGOLD\VisumGOLD.exe:*:Enabled:Visum2GOLD SQL -- (VisumOTS.pl)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0FE292-E7D0-4938-AA41-E6E5F72D21BC}" = Remere's Map Editor
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4849E74C-3408-467A-AF8B-F3DEC3C07542}" = Niezbędnik rowerzysty
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{7E791D66-9751-4B7F-9299-DAD5F7782156}" = Tiberna3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A2C59F3C-4039-4B92-B2DD-704A7C5F9DC0}" = Fuse Drivers
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.3 - Polish
"{E4C21200-3F47-4EB2-8B07-19E317CDE3FD}" = Phoenix Service Software
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AQQ" = WapSter AQQ
"CCleaner" = CCleaner
"Dll-Files Fixer_is1" = Dll-Files Fixer
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ElfBot NG_is1" = ElfBot NG 4.5.9
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 pl)" = Mozilla Firefox 18.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Opera 12.14.1738" = Opera 12.14
"Phoenix Service Software 2012.50.000.49146_is1" = Phoenix Service Software 2012.50.000.49146
"RealAlt_is1" = Real Alternative 2.0.2
"Recuva" = Recuva
"StmAdsl" = ADSL Modem
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Usbfix" = UsbFix By El Desaparecido
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"xampp" = XAMPP 1.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-01-19 09:34:41 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-20 04:08:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 10:54:13 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:06:01 | Computer Name = PIOTREK | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2013-01-21 13:32:34 | Computer Name = PIOTREK | Source = EventSystem | ID = 4618
Description = System zdarzeń modelu COM+ spowodował nieoczekiwane naruszenie praw
dostępu 0x774E2E03, próbując uzyskać dostęp do adresu 0x00000018. Skontaktuj się
z Pomocą techniczną firmy Microsoft i zgłoś ten błąd. ole32!StringFromGUID2+0x109
ole32!StringFromGUID2+0x98
ole32!CoMarshalInterface+0x658
ole32!CoMarshalInterface+0x7d2
RPCRT4!IUnknown_Release_Proxy+0x11
es!DllGetClassObject+0x33ca
es!DllGetClassObject+0x3b06
msmsgs!+0x105991
msvcrt!_cexit+0xf
ntdll!LdrInitializeThunk+0x29
ntdll!LdrShutdownProcess+0x142
kernel32!IsValidLocale+0x8eb
kernel32!ExitProcess+0x14
kernel32!FindAtomW+0x112a

Error - 2013-01-21 13:43:12 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 3.1.4000.1823, moduł
powodujący błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2013-01-29 12:15:16 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 12:17:10 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 15:19:35 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x0006a93a.

Error - 2013-01-29 16:25:56 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x00060911.

[ System Events ]
Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%1114

Error - 2013-01-24 12:46:20 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-24 15:46:09 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-27 15:53:25 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-28 03:07:17 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-28 03:07:17 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126


< End of report >
[/log]

After scanning, GMER displayed a message that it found no rootkits, and I don't know why, but there was nothing in the window after the scan (I scanned about 3 times and there was nothing to copy).

And here is the Minidump folder: http://www.speedyshare.com/hNv46/Minidump.rar

Edited by Soul_bullock
Zayfi

All the BSODs point to this driver

[xml]Unable to load image torususb.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for torususb.sys
*** ERROR: Module load completed but symbols could not be loaded for torususb.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {f7a6dd6c, 0, ee90af47, 0}


Could not read faulting driver name
Probably caused by : torususb.sys ( torususb+38f47 )

Followup: MachineOwner
[/xml]

Download SystemLook 32-bit: http://jpshortstuff.247fixes.com/SystemLook.html

Run it and paste into the window:

:filefind
torususb.sys

Click Look and post the report after the scan.

Edited by Zayfi
Soul_bullock

[log]SystemLook 30.07.11 by jpshortstuff
Log created at 14:09 on 17/02/2013 by Piootrek
Administrator - Elevation successful

========== filefind ==========

Searching for "torususb.sys"
C:\Program Files\ZTE ZXDSL 852\Disk1\torususb.sys -ra---- 684265 bytes [19:26 30/12/2012] [15:28 25/05/2006] 3B9DAA8751F3881F8D105793DDE634A4
C:\WINDOWS\system32\drivers\torususb.sys -ra---- 684265 bytes [19:27 30/12/2012] [15:28 25/05/2006] 3B9DAA8751F3881F8D105793DDE634A4

-= EOF =-[/log]
Is this what is causing the computer to run like a tank? It never behaved like this before (I mean up until the time I wrote this thread). Would it be better to format it? The internet isn't working as it should either, actually.

Zayfi
[quote]Is this what is causing the computer to run like a tank? It never behaved like this before (I mean up until the time I wrote this thread). Would it be better to format it? The internet isn't working as it should either, actually.[/quote]

Yes. You need to update the system and the modem drivers.

You have SP2, and it should be SP3.

http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4

and Internet Explorer 8: http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b

Soul_bullock

Now the internet works much better, at the speed it should. Many thanks. As for the OTL logs, is there anything worrying in them?

Zayfi

Post a new OTL log, and we'll move on to closing the thread.

Soul_bullock

New logs

[log]OTL logfile created on: 2013-02-18 16:59:49 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 640,76 Mb Available Physical Memory | 63,10% Memory free
2,39 Gb Paging File | 2,13 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 38,32 Gb Free Space | 65,40% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,09 Gb Free Space | 94,39% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-02-06 11:42:39 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-01-01 17:56:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piootrek\Pulpit\OTL.exe
PRC - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-08-02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-09 17:27:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2008-04-14 22:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-02-01 19:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 17:28:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-31 11:42:51 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006-05-25 16:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2003-08-12 15:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 21:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://fr.msn.com/
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\${searchCLSID}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-02-11 18:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-02-12 19:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla\Extensions
[2013-02-11 18:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-02-01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-02-01 21:08:18 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-01 21:08:18 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-01 21:08:18 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-01 21:08:18 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-01 21:08:18 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-01 21:08:18 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Piootrek\Moje dokumenty\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2013-01-28 21:03:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357469666125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357470585531 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C623AF4C-8D95-491C-9A29-24DCEC5B7DCF}: NameServer = 194.204.152.34 194.204.159.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-30 19:58:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-01-22 16:42:33 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: hidserv - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: ias - File not found
NetSvcs: iprip - File not found
NetSvcs: irmon - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: wmdmpmsp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-02-18 15:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013-02-17 21:47:27 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013-02-17 21:47:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2013-02-17 21:47:03 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2013-02-17 21:47:01 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2013-02-17 21:47:00 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2013-02-17 21:46:46 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2013-02-17 21:46:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2013-02-17 21:46:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2013-02-17 21:46:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2013-02-17 21:46:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2013-02-17 21:46:33 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2013-02-17 21:46:33 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2013-02-17 21:46:33 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2013-02-17 21:46:33 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2013-02-17 21:46:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013-02-17 21:46:32 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2013-02-17 21:46:32 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2013-02-17 21:46:32 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2013-02-17 21:46:32 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2013-02-17 21:46:31 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2013-02-17 21:46:31 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2013-02-17 21:46:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013-02-17 21:46:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2013-02-17 21:46:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2013-02-17 21:46:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2013-02-17 21:46:27 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2013-02-17 21:46:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2013-02-17 21:46:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2013-02-17 21:46:25 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2013-02-17 21:46:24 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2013-02-17 21:46:24 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2013-02-17 21:46:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2013-02-17 21:46:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013-02-17 21:46:21 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2013-02-17 21:46:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2013-02-17 21:46:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2013-02-17 21:46:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2013-02-17 21:46:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2013-02-17 21:46:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2013-02-17 21:46:17 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2013-02-17 21:46:16 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2013-02-17 21:46:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2013-02-17 21:46:16 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2013-02-17 21:46:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2013-02-17 21:46:15 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2013-02-17 21:46:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2013-02-17 21:46:14 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2013-02-17 21:46:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2013-02-17 21:46:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2013-02-17 21:46:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2013-02-17 21:46:13 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2013-02-17 21:46:11 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2013-02-17 21:46:11 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013-02-17 21:46:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2013-02-17 21:46:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2013-02-17 21:46:10 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2013-02-17 21:46:10 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2013-02-17 21:46:10 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2013-02-17 21:46:10 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2013-02-17 21:46:10 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2013-02-17 21:46:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2013-02-17 21:46:06 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013-02-17 21:46:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2013-02-17 21:46:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2013-02-17 21:46:04 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2013-02-17 21:46:01 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2013-02-17 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2013-02-17 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013-02-17 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013-02-17 21:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013-02-17 21:38:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2013-02-17 21:33:23 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013-02-17 21:33:23 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013-02-17 21:33:23 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013-02-17 21:33:23 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013-02-17 21:33:23 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013-02-17 21:33:23 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013-02-17 21:33:23 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013-02-17 21:33:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013-02-17 21:33:22 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2013-02-17 21:33:21 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013-02-17 21:33:21 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2013-02-17 21:33:21 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2013-02-17 21:33:21 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013-02-17 21:33:21 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013-02-17 21:33:21 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013-02-17 21:33:20 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013-02-17 21:33:20 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013-02-17 21:33:20 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013-02-17 21:33:19 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013-02-17 21:33:18 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2013-02-17 21:33:18 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2013-02-17 21:33:18 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2013-02-17 21:33:17 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2013-02-17 21:33:17 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2013-02-17 21:33:17 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2013-02-17 21:33:17 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2013-02-17 21:33:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2013-02-17 21:33:16 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2013-02-17 21:33:16 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2013-02-17 21:33:16 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2013-02-17 21:33:15 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013-02-17 21:33:15 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013-02-17 21:33:15 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013-02-17 21:33:15 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013-02-17 21:33:15 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013-02-17 21:33:14 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2013-02-17 21:33:13 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013-02-17 21:33:10 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013-02-17 21:33:09 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2013-02-17 21:33:09 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2013-02-17 21:33:09 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013-02-17 21:33:09 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2013-02-17 21:33:08 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2013-02-17 21:33:07 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2013-02-17 21:33:07 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2013-02-17 21:33:07 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2013-02-17 21:33:07 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2013-02-17 21:33:07 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013-02-17 21:33:06 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2013-02-17 21:33:06 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2013-02-17 21:33:06 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013-02-17 21:33:06 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2013-02-17 21:33:05 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2013-02-17 21:33:05 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2013-02-17 21:33:05 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2013-02-17 21:33:05 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2013-02-17 21:33:05 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2013-02-17 21:33:05 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2013-02-17 21:20:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013-02-17 20:20:11 | 322,713,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Piootrek\Moje dokumenty\WindowsXP-KB936929-SP3-x86-PLK.exe
[2013-02-17 19:53:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013-02-17 19:52:49 | 000,636,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Piootrek\Moje dokumenty\WindowsXP-KB932823-v3-x86-PLK.exe
[2013-02-17 19:44:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piootrek\IECompatCache
[2013-02-12 19:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Mozilla
[2013-02-12 19:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla
[2013-02-11 18:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2013-02-11 18:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-02-11 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-02-10 17:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267
[2013-02-10 16:25:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Piootrek\Recent
[2013-02-10 13:14:52 | 001,269,804 | ---- | C] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-02-10 13:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\xplore_symbian_lcg_1_52
[2013-02-09 20:14:11 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013-02-09 16:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\htdocs
[2013-02-09 16:00:28 | 000,000,000 | ---D | C] -- C:\VisumGOLD
[2013-02-09 14:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\B1E
[2013-02-09 14:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-02-09 11:39:57 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2013-02-09 11:39:57 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2013-02-09 11:39:57 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2013-02-09 11:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Phoenix
[2013-02-09 10:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RM-540
[2013-02-08 22:31:02 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\winusb.sys
[2013-02-08 22:31:02 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winusb.dll
[2013-02-08 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Symbian-Toys.com
[2013-02-08 21:05:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013-02-08 21:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Phone Browser
[2013-02-08 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013-02-08 20:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-02-08 20:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2013-02-08 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2013-02-08 16:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Adobe
[2013-02-08 16:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013-02-08 16:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013-02-08 16:24:48 | 031,668,120 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Piootrek\Moje dokumenty\AdbeRdr950_pl_PL.exe
[2013-02-08 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6
[2013-02-08 11:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Apache Friends
[2013-02-08 11:50:33 | 000,000,000 | ---D | C] -- C:\xampp
[2013-02-08 11:12:59 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2013-02-08 11:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013-02-08 10:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\soul
[2013-02-07 19:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2013-02-07 19:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2013-02-07 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013-02-07 19:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2013-02-07 17:46:30 | 324,204,808 | ---- | C] (Nero AG) -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nero-12.0.03400_trial.exe
[2013-02-07 14:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\database
[2013-02-06 11:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2013-02-06 11:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-02-06 11:12:22 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Piootrek\Moje dokumenty\ccsetup327.exe
[2013-02-04 17:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-02-02 14:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\Elfbot 8.50 - Crack
[2013-02-02 12:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tiberna
[2013-02-02 12:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tiberna
[2013-02-01 20:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\MegaEvo by Help3R_Ichtio
[2013-01-30 22:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\Sun
[2013-01-30 22:31:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-01-30 22:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Notepad++
[2013-01-29 18:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013-01-29 18:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-29 13:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\org. httdocs
[2013-01-28 22:05:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013-01-28 20:43:41 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013-01-28 20:36:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-01-28 20:36:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-01-28 20:36:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-01-28 20:36:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-01-28 20:35:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Menu Start\Programy\Narzędzia administracyjne
[2013-01-28 20:35:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Piootrek\Moje dokumenty\Moje wideo
[2013-01-28 20:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-01-28 20:32:43 | 005,030,592 | ---- | C] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-01-28 19:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\RME-v3.0-beta-2
[2013-01-28 08:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Doctor Web
[2013-01-27 21:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Pulpit\salitykiller
[2013-01-24 16:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2013-01-24 16:21:08 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2013-01-24 16:21:08 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013-01-24 16:21:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013-01-24 16:21:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013-01-24 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2013-01-24 12:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-01-22 16:42:33 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2013-01-21 18:39:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-02-18 15:41:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-18 15:21:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013-02-18 15:19:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-02-18 15:18:16 | 000,129,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-02-17 21:32:26 | 000,251,152 | ---- | M] () -- C:\ntldr
[2013-02-17 21:02:19 | 322,713,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Piootrek\Moje dokumenty\WindowsXP-KB936929-SP3-x86-PLK.exe
[2013-02-17 19:54:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-02-17 19:52:50 | 000,636,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Piootrek\Moje dokumenty\WindowsXP-KB932823-v3-x86-PLK.exe
[2013-02-16 16:08:34 | 000,374,784 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\4jsv0gi6.exe
[2013-02-16 15:26:49 | 000,046,534 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Minidump.rar
[2013-02-11 18:00:26 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-02-10 17:30:37 | 027,114,436 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267.tar.gz
[2013-02-10 13:14:52 | 001,269,804 | ---- | M] (El Desaparecido) -- C:\Documents and Settings\Piootrek\Pulpit\UsbFix.exe
[2013-02-09 20:14:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013-02-09 20:14:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-02-09 14:49:50 | 011,586,909 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\gesior acc 0.3.6.rar
[2013-02-09 13:44:26 | 000,058,917 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa2.JPG
[2013-02-09 13:41:46 | 000,036,672 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa.JPG
[2013-02-09 11:44:59 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Phoenix.lnk
[2013-02-08 21:17:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2013-02-08 21:06:25 | 005,030,592 | ---- | M] (Swearware) -- C:\Documents and Settings\Piootrek\Pulpit\ComboFix.exe
[2013-02-08 20:59:48 | 001,203,896 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\nokia-connectivity-cable-driver.exe
[2013-02-08 16:29:01 | 031,668,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Piootrek\Moje dokumenty\AdbeRdr950_pl_PL.exe
[2013-02-08 16:20:33 | 056,854,589 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Visum Gold (8.60).rar
[2013-02-08 16:03:25 | 009,230,278 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6.rar
[2013-02-08 11:51:04 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP CP.lnk
[2013-02-08 11:05:17 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\RME.lnk
[2013-02-07 20:04:15 | 007,840,768 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nokia_Connectivity_Cable_Driver_pol.msi
[2013-02-07 19:51:31 | 000,000,256 | ---- | M] () -- C:\dk2.mem
[2013-02-07 18:28:00 | 324,204,808 | ---- | M] (Nero AG) -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nero-12.0.03400_trial.exe
[2013-02-06 11:17:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-02-06 11:12:56 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Piootrek\Moje dokumenty\ccsetup327.exe
[2013-02-05 11:49:05 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\userInit.dll
[2013-02-04 19:55:31 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-02-04 18:59:29 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Tiberna.exe.lnk
[2013-02-01 12:04:59 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\TFS.lnk
[2013-01-30 20:39:31 | 000,086,730 | ---- | M] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:25:52 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-01-29 18:25:07 | 005,900,569 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-28 21:03:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-01-28 20:44:01 | 000,000,327 | ---- | M] () -- C:\boot.ini
[2013-01-28 20:00:27 | 102,121,490 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-27 21:21:24 | 110,118,344 | ---- | M] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-02-17 21:47:14 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2013-02-17 21:47:14 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2013-02-17 21:47:14 | 000,001,714 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2013-02-17 21:47:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2013-02-17 21:47:13 | 000,693,932 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2013-02-17 21:47:13 | 000,071,460 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2013-02-17 21:47:12 | 000,027,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2013-02-17 21:47:11 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2013-02-17 21:47:11 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2013-02-17 21:47:10 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2013-02-17 21:47:10 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2013-02-17 21:47:09 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2013-02-17 21:47:09 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2013-02-17 21:47:08 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2013-02-17 21:47:08 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2013-02-17 21:47:08 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2013-02-17 21:47:06 | 000,058,350 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2013-02-17 21:47:06 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2013-02-17 21:47:05 | 000,034,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2013-02-17 21:47:05 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2013-02-17 21:47:05 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2013-02-17 21:47:04 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2013-02-17 21:47:04 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2013-02-17 21:47:04 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2013-02-17 21:47:04 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2013-02-17 21:47:04 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2013-02-17 21:47:04 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2013-02-17 21:47:04 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2013-02-17 21:47:04 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2013-02-17 21:47:04 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2013-02-17 21:47:04 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2013-02-17 21:47:03 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2013-02-17 21:47:03 | 000,089,253 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2013-02-17 21:47:03 | 000,066,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2013-02-17 21:47:03 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2013-02-17 21:47:03 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2013-02-17 21:47:03 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2013-02-17 21:47:03 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2013-02-17 21:47:03 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2013-02-17 21:47:03 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2013-02-17 21:47:03 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2013-02-17 21:47:03 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2013-02-17 21:47:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2013-02-17 21:47:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2013-02-17 21:47:03 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2013-02-17 21:47:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2013-02-17 21:47:02 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2013-02-17 21:47:02 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2013-02-17 21:47:02 | 000,001,482 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2013-02-17 21:47:02 | 000,001,479 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2013-02-17 21:47:02 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2013-02-17 21:47:02 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2013-02-17 21:47:02 | 000,001,463 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2013-02-17 21:47:02 | 000,001,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2013-02-17 21:47:02 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2013-02-17 21:47:02 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2013-02-17 21:47:02 | 000,001,041 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2013-02-17 21:47:02 | 000,000,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2013-02-17 21:47:02 | 000,000,822 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2013-02-17 21:47:02 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2013-02-17 21:47:02 | 000,000,792 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2013-02-17 21:47:02 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2013-02-17 21:47:02 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2013-02-17 21:47:02 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2013-02-17 21:47:01 | 000,036,644 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2013-02-17 21:47:01 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2013-02-17 21:47:01 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2013-02-17 21:47:00 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2013-02-17 21:47:00 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2013-02-17 21:47:00 | 000,184,137 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2013-02-17 21:47:00 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2013-02-17 21:47:00 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2013-02-17 21:47:00 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2013-02-17 21:47:00 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2013-02-17 21:47:00 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2013-02-17 21:46:59 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2013-02-17 21:46:59 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2013-02-17 21:46:59 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2013-02-17 21:46:59 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2013-02-17 21:46:59 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2013-02-17 21:33:16 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013-02-17 21:33:13 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013-02-17 21:33:09 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013-02-17 19:54:01 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-02-16 16:08:34 | 000,374,784 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\4jsv0gi6.exe
[2013-02-16 15:26:49 | 000,046,534 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Minidump.rar
[2013-02-11 18:00:26 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2013-02-11 18:00:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2013-02-10 17:26:26 | 027,114,436 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\ModernAAC-trunk.r267.tar.gz
[2013-02-09 20:14:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013-02-09 20:14:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-02-09 14:47:25 | 011,586,909 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\gesior acc 0.3.6.rar
[2013-02-09 13:44:25 | 000,058,917 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa2.JPG
[2013-02-09 13:41:46 | 000,036,672 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Nowy Obraz - mapa bitowa.JPG
[2013-02-09 11:44:59 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Phoenix.lnk
[2013-02-08 20:59:44 | 001,203,896 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\nokia-connectivity-cable-driver.exe
[2013-02-08 16:33:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2013-02-08 16:33:47 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk
[2013-02-08 16:10:26 | 056,854,589 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Visum Gold (8.60).rar
[2013-02-08 16:02:10 | 009,230,278 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Gesior0.3.6.rar
[2013-02-08 11:51:04 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\XAMPP CP.lnk
[2013-02-08 11:05:17 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\RME.lnk
[2013-02-07 20:03:17 | 007,840,768 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\Nokia_Connectivity_Cable_Driver_pol.msi
[2013-02-07 19:51:31 | 000,000,256 | ---- | C] () -- C:\dk2.mem
[2013-02-06 11:17:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-02-04 12:47:05 | 000,002,403 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Tiberna.exe.lnk
[2013-02-03 10:11:38 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2013-02-01 19:52:58 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Notepad++.lnk
[2013-02-01 12:04:59 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\TFS.lnk
[2013-01-30 20:39:28 | 000,086,730 | ---- | C] () -- C:\Documents and Settings\Piootrek\Moje dokumenty\SpellCreator.zip
[2013-01-29 18:24:23 | 005,900,569 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\npp.6.2.3.Installer.exe
[2013-01-28 22:04:54 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\Opera.lnk
[2013-01-28 20:44:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013-01-28 20:43:49 | 000,262,400 | ---- | C] () -- C:\cmldr
[2013-01-28 20:36:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-01-28 20:36:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-01-28 20:36:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-01-28 20:36:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-01-28 20:36:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-01-28 19:45:48 | 102,121,490 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\xampp-win32-1.8.1-VC9-installer.exe
[2013-01-28 19:42:54 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2013-01-27 21:07:32 | 110,118,344 | ---- | C] () -- C:\Documents and Settings\Piootrek\Pulpit\as15r9ca.exe
[2013-01-22 17:09:32 | 1792,917,834 | ---- | C] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2013-01-06 12:40:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Piootrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-30 20:27:43 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2012-12-30 20:27:42 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2012-12-30 20:27:42 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
[2012-12-30 20:25:34 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2012-12-30 20:20:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-30 20:19:40 | 000,129,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-30 20:13:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-30 20:13:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012-12-30 20:13:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-12-30 20:02:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-30 19:54:47 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008-04-14 22:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-31 11:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GG
[2012-12-31 11:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org
[2012-12-30 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2012-12-30 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
[2013-01-18 15:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2013-02-09 11:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2012-12-31 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-02-09 11:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2013-02-08 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2013-02-04 17:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2013-01-05 18:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-02-09 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-02-08 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-02-04 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< C:\*.* >[/color]
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-12-30 19:52:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013-01-28 20:44:01 | 000,000,327 | ---- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | ---- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2013-01-28 21:11:24 | 000,007,724 | ---- | M] () -- C:\ComboFix.txt
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013-02-07 19:51:31 | 000,000,256 | ---- | M] () -- C:\dk2.mem
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2012-12-30 19:58:55 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2013-02-17 21:32:26 | 000,251,152 | ---- | M] () -- C:\ntldr
[2013-02-18 15:41:26 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2013-01-02 16:07:15 | 000,173,141 | ---- | M] () -- C:\result.txt
[2013-01-27 21:02:02 | 000,130,122 | ---- | M] () -- C:\rmslt.log
[2013-02-10 13:26:27 | 000,005,995 | ---- | M] () -- C:\UsbFix.txt
[2013-01-22 17:48:06 | 1792,917,834 | ---- | M] () -- C:\UsbFix_Upload_Me_PIOTREK.zip
[2012-12-30 19:56:04 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012-12-30 20:03:31 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#A23BEC]< D:\*.* >[/color]
[2011-11-11 15:06:30 | 171,815,304 | ---- | M] () -- D:\ArcaSetup2011-PL-32bit.exe
[2012-12-31 20:53:39 | 000,053,248 | ---- | M] (EffectMatrix Inc. ) -- D:\tvpsetup.exe

[color=#A23BEC]< E:\*.* >[/color]
[2013-02-11 19:25:34 | 000,009,162 | ---- | M] () -- E:\firestorm.txt

[color=#A23BEC]< F:\*.* >[/color]

[color=#A23BEC]< G:\*.* >[/color]

[color=#A23BEC]< H:\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013-02-08 16:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Adobe
[2013-01-11 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Altaron
[2013-02-09 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\B1Toolbar
[2013-01-06 13:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\dll-files.com
[2013-01-05 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Identities
[2013-01-05 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Macromedia
[2013-01-24 12:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Media Player Classic
[2013-02-08 22:29:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Microsoft
[2013-02-12 19:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Mozilla
[2013-01-29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Notepad++
[2013-01-05 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Opera
[2013-02-08 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\PC Suite
[2013-01-06 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Remere's Map Editor
[2013-01-30 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Sun
[2013-02-04 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\Tibia
[2013-01-06 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\WinRAR
[2013-01-14 18:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piootrek\Dane aplikacji\YDP

[color=#A23BEC]< %SYSTEMDRIVE%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\WINDOWS\erdnt\cache\explorer.exe
[2006-10-25 17:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) MD5=38B1F04FF8875575D5E43FEB5931D7E2 -- C:\_OTL\MovedFiles\01022013_153353\C_WINDOWS\system32\EXPLORER.EXE
[2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=C791ED9EAC5E76D9525E157B1D7A599A -- C:\WINDOWS\explorer.exe
[2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=C791ED9EAC5E76D9525E157B1D7A599A -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2008-04-14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008-04-14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004-08-03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2004-08-03 22:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\erdnt\cache\ntfs.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8607D35D92528E2DF386F19A960D23CE -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8607D35D92528E2DF386F19A960D23CE -- C:\WINDOWS\system32\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BA98327E90022DBD6EE76490E0622E2E -- C:\WINDOWS\erdnt\cache\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=2A5B37D520508BE6570A3EA79695F5B5 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=2A5B37D520508BE6570A3EA79695F5B5 -- C:\WINDOWS\system32\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004-08-03 23:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\WINDOWS\erdnt\cache\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2008-04-14 22:51:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=C0AA2AB856680C44739B41E01F5BD4E9 -- C:\WINDOWS\system32\ws2_32.dll

[color=#A23BEC]< %systemroot%\system32\kernel32.dll /md5 >[/color]
[2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) MD5=FCE4ECC34A36EDACF03DBE8DE5E28910 -- C:\WINDOWS\system32\kernel32.dll

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=A435C5C069AFD901751AC323AD238793 -- C:\WINDOWS\system32\user32.dll

[color=#A23BEC]< %systemroot%\Tasks\*.* /lockedfiles >[/color]

[color=#E56717]========== Restore Points Found ==========[/color]

< End of report >
[/log]

[log]

OTL Extras logfile created on: 2013-02-18 16:59:49 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Piootrek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 640,76 Mb Available Physical Memory | 63,10% Memory free
2,39 Gb Paging File | 2,13 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 38,32 Gb Free Space | 65,40% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 46,09 Gb Free Space | 94,39% Space Free | Partition Type: NTFS
Drive E: | 41,62 Gb Total Space | 38,13 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive G: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: PIOTREK | User Name: Piootrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-436374069-2049760794-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.G4EHL74QSLVOMH4CVX3CGXCZ5U] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe" = D:\OTs\TFS 8.6\TheForgottenServer8.60V3.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Nokia\Phoenix\phoenix.exe" = C:\Program Files\Nokia\Phoenix\phoenix.exe:*:Enabled:Phoenix Application -- (Nokia)
"C:\Program Files\Common Files\Nokia\Fuse\FuseService.exe" = C:\Program Files\Common Files\Nokia\Fuse\FuseService.exe:*:Enabled:Fuse Service -- (Nokia)
"C:\vXampp\apache\bin\httpd.exe" = C:\vXampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\vXampp\mysql\bin\mysqld.exe" = C:\vXampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\VisumGOLD\VisumGOLD.exe" = C:\VisumGOLD\VisumGOLD.exe:*:Enabled:Visum2GOLD SQL -- (VisumOTS.pl)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0FE292-E7D0-4938-AA41-E6E5F72D21BC}" = Remere's Map Editor
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4849E74C-3408-467A-AF8B-F3DEC3C07542}" = Niezbędnik rowerzysty
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{7E791D66-9751-4B7F-9299-DAD5F7782156}" = Tiberna3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A2C59F3C-4039-4B92-B2DD-704A7C5F9DC0}" = Fuse Drivers
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.3 - Polish
"{E4C21200-3F47-4EB2-8B07-19E317CDE3FD}" = Phoenix Service Software
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AQQ" = WapSter AQQ
"CCleaner" = CCleaner
"Dll-Files Fixer_is1" = Dll-Files Fixer
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"ElfBot NG_is1" = ElfBot NG 4.5.9
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 pl)" = Mozilla Firefox 18.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Opera 12.14.1738" = Opera 12.14
"Phoenix Service Software 2012.50.000.49146_is1" = Phoenix Service Software 2012.50.000.49146
"RealAlt_is1" = Real Alternative 2.0.2
"Recuva" = Recuva
"StmAdsl" = ADSL Modem
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Usbfix" = UsbFix By El Desaparecido
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"xampp" = XAMPP 1.8.1

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-01-29 12:15:16 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 12:17:10 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010f29.

Error - 2013-01-29 15:19:35 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x0006a93a.

Error - 2013-01-29 16:25:56 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429,
moduł powodujący błąd theforgottenserver8.60v3.exe, wersja 0.3.6.3429, adres błędu
0x00060911.

Error - 2013-02-07 06:48:25 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010de3.

Error - 2013-02-07 06:55:10 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00010de3.

Error - 2013-02-07 10:05:20 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd libmysql.dll, wersja 0.0.0.0, adres błędu 0x000acfe1.

Error - 2013-02-07 10:06:03 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd libmysql.dll, wersja 0.0.0.0, adres błędu 0x000acfe1.

Error - 2013-02-07 10:06:30 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd libmysql.dll, wersja 0.0.0.0, adres błędu 0x000acfe1.

Error - 2013-02-07 10:22:41 | Computer Name = PIOTREK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd theforgottenserverv7.exe, wersja 0.3.6.3429,
moduł powodujący błąd libmysql.dll, wersja 0.0.0.0, adres błędu 0x000acfe1.

[ System Events ]
Error - 2013-01-24 12:41:33 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%1114

Error - 2013-01-24 12:46:20 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-24 15:41:24 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-24 15:46:09 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-27 15:48:32 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2013-01-27 15:53:25 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1460

Error - 2013-01-28 03:07:17 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu
następującego błędu: %%3

Error - 2013-01-28 03:07:17 | Computer Name = PIOTREK | Source = Service Control Manager | ID = 7023
Description = Usługa jnjajl zakończyła działanie; wystąpił następujący błąd: %%126


< End of report >
[/log]

Zayfi

Give me the ComboFix log, because it was run and it needs to be uninstalled properly.

Soul_bullock

Log from ComboFix

[log]

ComboFix 13-01-28.02 - Piootrek 2013-01-28 20:48:07.1.1 - x86
Uruchomiony z: c:\documents and settings\Piootrek\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\windows\EventSystem.log
c:\windows\IsUn0415.exe
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\rundll32.exe.tmp
c:\windows\system32\setup.ini
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-28 do 2013-01-28 )))))))))))))))))))))))))))))))
.
.
2013-01-28 19:00 . 2013-01-28 19:18 -------- d-----w- C:\xampp
2013-01-18 14:55 . 2013-01-22 16:51 -------- d-----w- C:\UsbFix
2013-01-06 13:29 . 2013-01-06 13:29 -------- d-----w- C:\NVIDIA
2013-01-02 14:33 . 2013-01-02 14:33 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 16:48 . 2013-01-22 16:09 1792917834 ----a-w- C:\UsbFix_Upload_Me_PIOTREK.zip
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 151552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 247296]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\UsbFix\\Go.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Asprate\\Tibia Multi IP Changer\\Tibia MULTI-ip changer.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Documents and Settings\\Piootrek\\Pulpit\\OTL.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2729:TCP"= 2729:TCP:kffmn
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
.
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2012-12-30 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2012-12-30 684265]
S2 nfipqs;jnjajl;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ojumdcjt
nfipqs
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 16:28]
.
2013-01-23 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-01-06 09:56]
.
2013-01-19 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-01-06 09:56]
.
.
------- Skan uzupełniający -------
.
TCP: Interfaces\{C623AF4C-8D95-491C-9A29-24DCEC5B7DCF}: NameServer = 194.204.159.1 194.204.152.34
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-ABREGMON - c:\program files\ArcaBit\ArcaVir\ABregmon.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\23.0.1271.97\Installer\setup.exe
AddRemove-Piszę poprawnie 4 - c:\windows\IsUn0415.exe
AddRemove-Szkoła podstawowa klasa 4 - Tajemnice przyrody - c:\windows\IsUn0415.exe
AddRemove-Szkoła podstawowa klasa 4 - Wczoraj i dziś - c:\windows\IsUn0415.exe
AddRemove-Szkoła podstawowa klasy 4-6 - Muzyka na ekranie - c:\windows\IsUn0415.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-28 21:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2013-01-28 21:11:22 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-01-28 20:11
.
Przed: 47 323 697 152 bajtów wolnych
Po: 47 432 364 032 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BA60231F4F1FFF657EFC5C2D47AF60D2
[/log]

Zayfi
Uruchomiony z: c:\documents and settings\Piootrek\Pulpit\ComboFix.exe

Do you have the ComboFix installer there? If not, download it and put it on the desktop.

Soul_bullock

Yes, ComboFix.exe is still on the desktop.

Zayfi

Start > Run > paste the command:

C:\Documents and settings\Piootrek\Pulpit\ComboFix.exe /uninstall

Soul_bullock

An error pops up saying that it cannot find the file.

//Edit: ComboFix removed. I used the command combofix /uninstall

Edited by Soul_bullock
Soul_bullock

But I have already uninstalled it with a different command, do I have to download it again?

Zayfi
But I have already uninstalled it with a different command, do I have to download it again?

With which command?

Soul_bullock

combofix /uninstall

Zayfi

OK then. Now run OTL and click Sprzątanie (CleanUp).

2. Clear the System Restore folders

Right-click My Computer > Properties > System Restore

tick the option to turn off System Restore > confirm with Apply > wait a dozen or so seconds, then untick the option and confirm with Apply

and install some antivirus program. That's all.
