
A virus (probably) creates shortcuts on a USB flash drive.

Karolas

Hello.

My problem is that after plugging the flash drive into the computer and opening it, a shortcut to the drive appears first, and only after going into that shortcut do the files stored on it become visible. At first I dismissed it, until an employee at a print shop told me that a virus was to blame. Was he right? An antivirus scan detected nothing. I am attaching logs and a screenshot; maybe something can be done about it.

RSIT logs:

log:

[log] Logfile of random's system information tool 1.09 (written by random/random)
Run by Kasia at 2013-03-25 17:25:33
Microsoft® Windows Vista™ Home Basic  Service Pack 2
System drive C: has 74 GB (32%) free of 228 GB
Total RAM: 3001 MB (36% free)


======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default

prefs.js - "browser.search.suggest.enabled" -  false
prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "https://www.google.pl/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, linkfilter@kaspersky.ru:9.0.0.736, en-GB@dictionaries.addons.mozilla.org:1.19.1, player@vividas.com:4.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
"support@predictad.com"=C:\Program Files\AutocompletePro\support@predictad.com
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"=C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nsIBitCometAgent.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
npdeployJava1.dll
nppdf32.dll
npVividasPlayer.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
avg-secure-search.xml
babylon.xml
fbc-pl.xml
google.xml
googledesktop.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default\extensions\
en-GB@dictionaries.addons.mozilla.org
player@vividas.com
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default\searchplugins\
delta.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-02-17 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Users\Kasia\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.DLL [2012-11-15 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-17 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
Norton Identity Protection - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll [2013-02-14 509776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-17 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A13C2648-91D4-4bf3-BC6D-0079707C4389} - Norton Identity Safe Toolbar - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll [2013-02-14 509776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-11 6724128]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"WarReg_PopUp"=C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [2008-11-04 57344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-09 1418536]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-02-12 862728]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2009-04-03 698912]
"ContentTransferWMDetector.exe"=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2009-11-19 583016]
"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2010-08-30 979328]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Aimersoft Helper Compact.exe"=C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe []
"C:\Windows\system32\V0260Ext.ax"=C:\Windows\system32\RegSvr32.exe [2006-11-02 14336]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=C:\Users\Kasia\Programy\ALLPlayer\ALLUpdate.exe [2009-06-04 869888]
"DAEMON Tools Lite"=C:\Users\Kasia\Programy\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=msh263.drv
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-25 17:25:33 ----D---- C:\rsit
2013-03-25 17:25:33 ----D---- C:\Program Files\trend micro
2013-03-25 13:29:34 ----D---- C:\Windows\system32\drivers\NST
2013-03-25 13:29:33 ----D---- C:\Program Files\Norton Identity Safe
2013-03-25 13:29:28 ----D---- C:\Program Files\Symantec
2013-03-25 13:29:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-03-25 13:29:28 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2013-03-25 13:28:17 ----D---- C:\Windows\system32\drivers\NAV
2013-03-25 13:28:14 ----D---- C:\Program Files\Norton AntiVirus
2013-03-25 13:27:58 ----D---- C:\Program Files\NortonInstaller
2013-03-19 21:02:56 ----D---- C:\Users\Kasia\AppData\Roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9}
2013-03-19 21:02:40 ----D---- C:\Users\Kasia\AppData\Roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947}
2013-03-16 07:30:42 ----A---- C:\Windows\system32\GPhotos.scr
2013-03-15 15:32:25 ----D---- C:\Users\Kasia\AppData\Roaming\Origin
2013-03-15 15:32:21 ----D---- C:\Program Files\Origin Games
2013-03-08 21:31:38 ----D---- C:\Program Files\Mozilla Firefox
2013-02-26 21:51:43 ----A---- C:\11.txt
2013-02-26 21:50:33 ----D---- C:\Users\Kasia\AppData\Roaming\Babylon
2013-02-26 21:50:33 ----D---- C:\ProgramData\Babylon

======List of files/folders modified in the last 1 month======

2013-03-25 17:25:33 ----RD---- C:\Program Files
2013-03-25 17:25:19 ----D---- C:\Windows\Temp
2013-03-25 14:09:33 ----D---- C:\Windows\System32
2013-03-25 14:09:33 ----D---- C:\Windows\inf
2013-03-25 14:09:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-25 14:00:11 ----D---- C:\Windows\Prefetch
2013-03-25 13:31:23 ----D---- C:\Windows\system32\Tasks
2013-03-25 13:30:12 ----SHD---- C:\System Volume Information
2013-03-25 13:30:12 ----D---- C:\ProgramData\Norton
2013-03-25 13:29:34 ----D---- C:\Windows\system32\drivers
2013-03-25 13:29:28 ----D---- C:\Program Files\Common Files
2013-03-23 18:26:12 ----D---- C:\Users\Kasia\AppData\Roaming\vlc
2013-03-22 12:30:13 ----SHD---- C:\Windows\Installer
2013-03-22 12:29:57 ----D---- C:\Program Files\Google
2013-03-19 21:02:25 ----D---- C:\temp
2013-03-17 13:53:23 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-17 13:53:23 ----D---- C:\Program Files\Electronic Arts
2013-03-17 12:48:30 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-15 15:32:21 ----D---- C:\ProgramData\Origin
2013-03-15 15:32:08 ----D---- C:\Program Files\Origin
2013-03-14 22:11:42 ----D---- C:\Downloads
2013-03-13 01:43:33 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-03-11 12:19:09 ----D---- C:\Windows\system32\catroot2
2013-03-09 11:35:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-06 13:44:38 ----D---- C:\Windows\Minidump
2013-03-06 13:44:33 ----D---- C:\Windows
2013-02-28 01:56:40 ----HD---- C:\ProgramData
2013-02-27 16:57:25 ----D---- C:\Users\Kasia\AppData\Roaming\Skype
2013-02-27 16:01:49 ----D---- C:\Users\Kasia\AppData\Roaming\skypePM
2013-02-26 21:56:10 ----D---- C:\Users\Kasia\AppData\Roaming\BESTplayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-28 691696]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAV\1403000.024\SYMDS.SYS [2013-01-21 367704]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1403000.024\SYMEFA.SYS [2013-01-30 934488]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx86.sys [2012-11-19 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager; C:\Windows\system32\drivers\NAV\1403000.024\ccSetx86.sys [2012-11-15 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager; C:\Windows\system32\drivers\NST\7DD03000.01A\ccSetx86.sys [2012-11-16 134304]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-01-31 376480]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSVix86.sys [2012-11-15 386720]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1403000.024\SRTSPX.SYS [2013-01-28 32344]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAV\1403000.024\Ironx86.SYS [2012-11-15 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NAV\1403000.024\SYMTDIV.SYS [2013-01-30 350368]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130324.007\NAVENG.SYS [2013-03-24 93296]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130324.007\NAVEX15.SYS [2013-03-24 1603824]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NAV\1403000.024\SRTSP.SYS [2013-01-28 602712]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-03-25 142496]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-01-09 204976]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 agpc6czh;agpc6czh; C:\Windows\system32\drivers\agpc6czh.sys []
S3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EraserUtilDrv11220;EraserUtilDrv11220; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2013-01-31 106656]
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-02-23 62976]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 winusb;Sterownik WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-10 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe [2012-12-23 144520]
R2 NCO;Norton Identity Safe; C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2012-12-24 144520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Users\Kasia\Programy\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-20 182768]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

 [/log]

 

info:

[log] info.txt logfile of random's system information tool 1.09 2013-03-25 17:26:06

======Uninstall list======

-->"C:\Program Files\eMachines Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\eMachines Game Console\Uninstall.exe"
-->"C:\Program Files\eMachines Games\FATE\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\eMachines Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Virtual Villagers - A New Home\Uninstall.exe"
7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 9.0 Sprint-->MsiExec.exe /I {F9000000-0018-0000-0000-074957833700}
ABBYY FineReader 9.0 Sprint-->MsiExec.exe /X{F9000000-0018-0000-0000-074957833700}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -maintain plugin
Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228}
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD}
ALLPlayer V4.X-->"C:\Users\Kasia\Programy\ALLPlayer\unins000.exe"
Archiwizator WinRAR-->C:\Users\Kasia\Programy\uninstall.exe
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
BitComet 1.32-->C:\Users\Kasia\Programy\BitComet\uninst.exe
Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
Creative Live! Cam Vista IM Driver (1.01.03.1104)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dance Party-->"C:\Program Files\IQ Publishing\Dance Party\unins000.exe"
Defrikz - Happy Day-->"C:\Program Files\IQ Publishing\Dance Party\songs\Utwory bonusowe\45_Happy Day\unins000.exe"
Defrikz - Latino-->"C:\Program Files\IQ Publishing\Dance Party\songs\Utwory bonusowe\46_Latino\unins000.exe"
eMachines Games-->"C:\Program Files\eMachines Games\Uninstall.exe"
eMachines Power Management-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0015 -removeonly
eMachines Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0015 -removeonly
eMachines ScreenSaver-->C:\Windows\Screensavers\eMachines\Uninstall.exe
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)-->C:\Program Files\InstallShield Installation Information\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}\setup.exe -runfromtemp -l0x0009 -removeonly
Epson Event Manager-->MsiExec.exe /X{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON SX130 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSHJE.EXE /R /APD /P:"EPSON SX130 Series"
ffdshow [rev 3026] [2009-07-05]-->"C:\Program Files\ffdshow\unins000.exe"
FormatFactory 2.96-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GIMP 2.8.2-->"C:\Program Files\GIMP 2\uninst\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth Plug-in-->MsiExec.exe /X{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might and Magic IV - Złota Edycja-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94B4E2D8-A184-415C-BF9E-F699D76466BD}\setup.exe" -l0x15
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Karaoke for Fun - eXtra Hity-->"C:\Program Files\Techland\Karaoke for Fun - eXtra Hity\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Polish)-->MsiExec.exe /X{95120000-00AF-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Works-->MsiExec.exe /I{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox 19.0.2 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
Mój Fitness -->C:\Program Files\IQ Publishing\Mój Fitness\uninst.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
NapiProjekt 1.0.6.7-->"C:\Users\Kasia\Programy\NAPI-PROJEKT\unins000.exe"
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\20.3.0.36\InstStub.exe /X /ARP
Norton Identity Safe-->C:\Program Files\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.3.0.26\InstStub.exe /X /ARP
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0415
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0415
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Origin-->C:\Program Files\Origin\OriginUninstall.exe
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pakiet zgodności dla systemu Office 2007-->MsiExec.exe /X{90120000-0020-0415-0000-0000000FF1CE}
Pampers Zloty Sen-->"C:\Windows\Pampers Zloty Sen Uninstaller\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
Przewodnik użytkownika EPSON SX130 Series-->"C:\Program Files\Epson Software\Epson Manual\EPSON SX130 Series\pl\Useg\DocUnins.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0015 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims Średniowiecze-->"C:\Program Files\InstallShield Installation Information\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}\SimsMedievalSetup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3 Cztery pory roku-->"C:\Program Files\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3 Po zmroku-->"C:\Program Files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\Sims3EP03Setup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3 Pokolenia-->"C:\Program Files\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3 Studenckie życie-->"C:\Program Files\InstallShield Installation Information\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}\Sims3EP09Setup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3 Zwierzaki-->"C:\Program Files\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe" -runfromtemp -l0x0015 -removeonly
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0015 -removeonly
TS3 Install Helper Monkey-->"C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
Video Web Camera-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VLC media player 2.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Messenger-->MsiExec.exe /X{E9AD2143-26D5-4201-BED1-19DCC03B407D}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{C3335EFB-008F-44DB-A87A-9EC8EE53D045}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======System event log======

Computer Name: Kasia-PC
Event Code: 4372
Message: Obsługa systemu Windows nadaje pakietowi KB978542(Security Update) stan Żądana instalacja(Install Requested).
Record Number: 264733
Source Name: Microsoft-Windows-Servicing
Time Written: 20120919155329.000000-000
Event Type: Informacje
User: Kasia-PC\Kasia

Computer Name: Kasia-PC
Event Code: 4371
Message: Obsługa systemu Windows rozpoczęła proces zmieniania stanu pakietu KB978542(Security Update) z Żądana instalacja(Install Requested) na Zainstalowany(Installed).
Record Number: 264732
Source Name: Microsoft-Windows-Servicing
Time Written: 20120919155329.000000-000
Event Type: Informacje
User: Kasia-PC\Kasia

Computer Name: Kasia-PC
Event Code: 4372
Message: Obsługa systemu Windows nadaje pakietowi KB981322(Security Update) stan Żądana instalacja(Install Requested).
Record Number: 264731
Source Name: Microsoft-Windows-Servicing
Time Written: 20120919155329.000000-000
Event Type: Informacje
User: Kasia-PC\Kasia

Computer Name: Kasia-PC
Event Code: 4371
Message: Obsługa systemu Windows rozpoczęła proces zmieniania stanu pakietu KB981322(Security Update) z Żądana instalacja(Install Requested) na Zainstalowany(Installed).
Record Number: 264730
Source Name: Microsoft-Windows-Servicing
Time Written: 20120919155328.000000-000
Event Type: Informacje
User: Kasia-PC\Kasia

Computer Name: Kasia-PC
Event Code: 4372
Message: Obsługa systemu Windows nadaje pakietowi KB2079403(Security Update) stan Żądana instalacja(Install Requested).
Record Number: 264729
Source Name: Microsoft-Windows-Servicing
Time Written: 20120919155328.000000-000
Event Type: Informacje
User: Kasia-PC\Kasia

=====Application event log=====

Computer Name: Kasia-PC
Event Code: 20222
Message: Identyfikator CoId={AE0E387C-030E-4903-B191-8AF15156009C}: Użytkownik Kasia-PC\Kasia próbuje ustanowić łącze do serwera dostępu zdalnego dla połączenia o nazwie ZTE ZXDSL 852, korzystając z następującego urządzenia:
Server address/Phone Number = 0,35
Device = WAN/ATM/ADSL miniport
Port = ATM12-0
MediaType = ATM.
Record Number: 35932
Source Name: RasClient
Time Written: 20101230011953.000000-000
Event Type: Informacje
User:

Computer Name: Kasia-PC
Event Code: 20221
Message: Identyfikator CoId={AE0E387C-030E-4903-B191-8AF15156009C}: Użytkownik Kasia-PC\Kasia rozpoczął wybieranie numeru w celu nawiązania połączenia Dial-up przy użyciu profilu połączenia all-user o nazwie ZTE ZXDSL 852. Ustawienia połączenia:
Dial-in User = DSL115172@orange.pl
VpnStrategy =Not Applicable
DataEncryption = Requested
PrerequisiteEntry =
CompartmentsEnabled = No
AutoLogon = No
UseRasCredentials = Yes
CustomAuthKey =
AuthRestriction Mask = 0x00000328
RasIpv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
RasIpv6DefaultGateway = No
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
IpSecFlags = No Pre-shared key
ConnectOnWinlogon = No.
Record Number: 35931
Source Name: RasClient
Time Written: 20101230011953.000000-000
Event Type: Informacje
User:

Computer Name: Kasia-PC
Event Code: 20226
Message: Identyfikator CoId={2B72D7EB-95A0-4323-B514-DE4BC374270A}: Użytkownik Kasia-PC\Kasia wybrał numer i nawiązał połączenie o nazwie ZTE ZXDSL 852, które zostało zakończone. Kod przyczyny zwrócony w wyniku zakończenia: 631.
Record Number: 35930
Source Name: RasClient
Time Written: 20101230011948.000000-000
Event Type: Informacje
User:

Computer Name: Kasia-PC
Event Code: 20225
Message: Identyfikator CoId={2B72D7EB-95A0-4323-B514-DE4BC374270A}: Użytkownik Kasia-PC\Kasia wybrał numer w celu nawiązania połączenia o nazwie ZTE ZXDSL 852 z serwerem dostępu zdalnego, które zostało pomyślnie nawiązane. Parametry połączenia:
TunnelIpAddress = 46.134.199.167
TunnelIpv6Address = None
Dial-in User = DSL115172@orange.pl.
Record Number: 35929
Source Name: RasClient
Time Written: 20101230010536.000000-000
Event Type: Informacje
User:

Computer Name: Kasia-PC
Event Code: 20224
Message: Identyfikator CoId={2B72D7EB-95A0-4323-B514-DE4BC374270A}: Łącze do serwera dostępu zdalnego zostało ustanowione przez użytkownika Kasia-PC\Kasia.
Record Number: 35928
Source Name: RasClient
Time Written: 20101230010529.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Kasia-PC
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
    Identyfikator zabezpieczeń:        S-1-5-18
    Nazwa konta:        KASIA-PC$
    Domena konta:        WORKGROUP
    Identyfikator logowania:        0x3e7

Typ logowania:            5

Nowe logowanie:
    Identyfikator zabezpieczeń:        S-1-5-18
    Nazwa konta:        SYSTEM
    Domena konta:        ZARZĄDZANIE NT
    Identyfikator logowania:        0x3e7
    Identyfikator GUID logowania:        {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
    Identyfikator procesu:        0x280
    Nazwa procesu:        C:\Windows\System32\services.exe

Informacje o sieci:
    Nazwa stacji roboczej:    
    Adres źródłowy sieci:    -
    Port źródłowy:        -

Szczegółowe informacje o uwierzytelnianiu:
    Proces logowania:        Advapi  
    Pakiet uwierzytelniania:    Negotiate
    Usługi przejściowe:    -
    Nazwa pakietu (tylko NTLM):    -
    Długość klucza:        0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
    - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
    - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
    - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
    - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 75643
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120606115131.698942-000
Event Type: Sukces inspekcji
User:

Computer Name: Kasia-PC
Event Code: 4648
Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń.

Podmiot:
    Identyfikator zabezpieczeń:    S-1-5-18
    Nazwa konta:    KASIA-PC$
    Domena konta:    WORKGROUP
    Identyfikator logowania:    0x3e7
    Identyfikator GUID logowania:    {00000000-0000-0000-0000-000000000000}

Konto, którego poświadczenia zostały użyte:
    Nazwa konta:    SYSTEM
    Domena konta:    ZARZĄDZANIE NT
    Identyfikator GUID logowania:    {00000000-0000-0000-0000-000000000000}

Serwer docelowy:
    Nazwa serwera docelowego:    localhost
    Informacje dodatkowe:    localhost

Informacje o procesie:
    Identyfikator procesu:    0x280
    Nazwa procesu:    C:\Windows\System32\services.exe

Informacje o sieci:
    Adres sieciowy:    -
    Port:    -

To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS.
Record Number: 75642
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120606115131.698942-000
Event Type: Sukces inspekcji
User:

Computer Name: Kasia-PC
Event Code: 4902
Message: Utworzono tabelę zasad inspekcji użytkownika.

Liczba elementów:    0
Identyfikator zasad:    0x6f979
Record Number: 75641
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120606115131.277739-000
Event Type: Sukces inspekcji
User:

Computer Name: Kasia-PC
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
    Identyfikator zabezpieczeń:        S-1-0-0
    Nazwa konta:        -
    Domena konta:        -
    Identyfikator logowania:        0x0

Typ logowania:            0

Nowe logowanie:
    Identyfikator zabezpieczeń:        S-1-5-18
    Nazwa konta:        SYSTEM
    Domena konta:        ZARZĄDZANIE NT
    Identyfikator logowania:        0x3e7
    Identyfikator GUID logowania:        {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
    Identyfikator procesu:        0x4
    Nazwa procesu:        

Informacje o sieci:
    Nazwa stacji roboczej:    -
    Adres źródłowy sieci:    -
    Port źródłowy:        -

Szczegółowe informacje o uwierzytelnianiu:
    Proces logowania:        -
    Pakiet uwierzytelniania:    -
    Usługi przejściowe:    -
    Nazwa pakietu (tylko NTLM):    -
    Długość klucza:        0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
    - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
    - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
    - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
    - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 75640
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120606115131.121738-000
Event Type: Sukces inspekcji
User:

Computer Name: Kasia-PC
Event Code: 4608
Message: Trwa uruchamianie systemu Windows.

To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji.
Record Number: 75639
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120606115131.121738-000
Event Type: Sukces inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

[/log]

OTL logs:

OTL:

[log]OTL logfile created on: 2013-03-25 17:08:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kasia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,93 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,58% Memory free
6,06 Gb Paging File | 4,47 Gb Available in Paging File | 73,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 71,74 Gb Free Space | 32,19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: KASIA-PC | User Name: Kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-03-25 17:06:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
PRC - [2013-03-13 01:43:33 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013-03-08 21:31:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-12-24 05:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
PRC - [2012-12-23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-14 20:13:11 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kasia\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010-08-30 09:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009-11-19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009-10-30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Users\Kasia\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009-04-03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2009-04-03 19:54:40 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
PRC - [2009-02-12 05:20:52 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008-01-21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-03-13 01:43:33 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013-03-08 21:31:46 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-05-30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\wincfi39.dll
MOD - [2012-05-06 11:20:14 | 003,449,856 | ---- | M] () -- C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
MOD - [2012-05-06 11:19:56 | 004,428,800 | ---- | M] () -- C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffmpeg.dll
MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013-03-13 01:43:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-08 21:31:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-12-24 05:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe -- (NCO)
SRV - [2012-12-23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe -- (NAV)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-12-28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Users\Kasia\Programy\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009-04-03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008-05-05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-01-21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (agpc6czh)
DRV - [2013-03-25 13:29:28 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013-03-24 17:18:23 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130324.007\navex15.sys -- (NAVEX15)
DRV - [2013-03-24 17:18:23 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130324.007\naveng.sys -- (NAVENG)
DRV - [2013-01-31 02:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-01-31 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2013-01-30 20:18:18 | 000,350,368 | R--- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\NAV\1403000.024\symtdiv.sys -- (SYMTDIv)
DRV - [2013-01-30 20:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013-01-28 18:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013-01-28 18:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013-01-21 19:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.sys -- (SymDS)
DRV - [2012-11-19 18:09:16 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012-11-16 04:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.sys -- (ccSet_NST)
DRV - [2012-11-15 19:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012-11-15 19:21:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012-11-15 19:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.sys -- (ccSet_NAV)
DRV - [2010-02-24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-11-28 18:16:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009-04-10 20:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-01-15 04:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008-09-25 00:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006-11-10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006-11-03 23:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes,DefaultScope = {B04B3FF7-2D9A-409E-9BE9-522CD3130A2E}
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=804224f000000000000000235ae77995
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={318F23E3-32E1-4D4D-A393-FF1F38CDE08E}&mid=4240f659cc9747d0b8814686afe74dca-a0c4f93105b630949a71d16dfe7284a1844f1f4a&lang=pl&ds=ac011&pr=sa&d=2012-07-30 23:26:25&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{B04B3FF7-2D9A-409E-9BE9-522CD3130A2E}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: player%40vividas.com:4.1.0
FF - prefs.js..extensions.enabledAddons: %7BF04D2D30-776C-4d02-8627-8E4385ECA58D%7D:2013.3.0.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: player@vividas.com:4.1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2012-07-30 20:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013-03-25 13:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013-03-25 13:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-03-08 21:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-03-08 21:31:39 | 000,000,000 | ---D | M]
 
[2009-11-20 16:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasia\AppData\Roaming\mozilla\Extensions
[2013-02-27 12:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions
[2012-04-25 19:00:29 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010-12-19 15:45:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011-03-05 21:14:07 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\player@vividas.com
[2013-02-26 21:50:53 | 000,001,294 | ---- | M] () -- C:\Users\Kasia\AppData\Roaming\mozilla\firefox\profiles\eb9urnun.default\searchplugins\delta.xml
[2013-03-08 21:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-03-08 21:31:38 | 000,000,000 | ---D | M] (Blokowanie banerów) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013-03-08 21:31:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013-03-25 13:30:03 | 000,000,000 | ---D | M] (Norton Identity Safe Toolbar) -- C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN
[2013-03-08 21:31:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-01-12 09:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012-04-17 21:15:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-02-10 15:45:50 | 000,180,896 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2013-02-27 12:49:04 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-30 22:26:12 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013-02-26 21:50:45 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013-02-27 12:49:04 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-27 12:49:04 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-27 12:49:04 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-27 12:49:04 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-27 12:49:04 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Kasia\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [C:\Windows\system32\V0260Ext.ax] C:\Windows\System32\V0260Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000..\Run: [ALLUpdate] C:\Users\Kasia\Programy\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000..\Run: [DAEMON Tools Lite] C:\Users\Kasia\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
F3 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000 WinNT: Load - (C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com) - C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com (ATEa)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Users\Kasia\Programy\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Users\Kasia\Programy\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Kasia\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D87AB810-C024-4A10-9E90-71BDAB79317E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{df46989d-dc41-11de-b22c-00235ae77995}\Shell - "" = AutoRun
O33 - MountPoints2\{df46989d-dc41-11de-b22c-00235ae77995}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-03-25 17:06:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
[2013-03-25 13:29:40 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.sys
[2013-03-25 13:29:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST
[2013-03-25 13:29:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD03000.01A
[2013-03-25 13:29:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013-03-25 13:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013-03-25 13:29:28 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013-03-25 13:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013-03-25 13:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013-03-25 13:28:49 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.sys
[2013-03-25 13:28:49 | 000,602,712 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.sys
[2013-03-25 13:28:49 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.sys
[2013-03-25 13:28:49 | 000,350,368 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\symtdiv.sys
[2013-03-25 13:28:49 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\symnets.sys
[2013-03-25 13:28:49 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\Ironx86.sys
[2013-03-25 13:28:49 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.sys
[2013-03-25 13:28:49 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymELAM.sys
[2013-03-25 13:28:48 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.sys
[2013-03-25 13:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2013-03-25 13:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1403000.024
[2013-03-25 13:28:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013-03-25 13:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013-03-25 13:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013-03-24 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Kasia\Desktop\Nowy folder
[2013-03-22 12:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-03-19 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kasia\Local Settings
[2013-03-19 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9}
[2013-03-19 21:02:40 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947}
[2013-03-16 07:30:42 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013-03-15 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\Origin
[2013-03-15 15:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013-03-15 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Local\Origin
[2013-03-08 21:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-02-26 21:50:33 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\Babylon
[2013-02-26 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
 
========== Files - Modified Within 30 Days ==========
 
[2013-03-25 17:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-25 17:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-25 17:06:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
[2013-03-25 16:43:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-25 16:28:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-25 14:14:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-25 14:09:33 | 000,726,512 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-03-25 14:09:33 | 000,645,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-03-25 14:09:33 | 000,157,616 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-03-25 14:09:33 | 000,123,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-03-25 13:31:42 | 001,941,217 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1403000.024\Cat.DB
[2013-03-25 13:29:28 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013-03-25 13:29:28 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013-03-25 13:29:28 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013-03-25 13:29:16 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013-03-25 13:11:47 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-25 00:18:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-03-24 13:18:09 | 000,078,848 | ---- | M] () -- C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-23 23:51:12 | 001,536,596 | ---- | M] () -- C:\Users\Kasia\Desktop\Argov Sherry - Dlaczego mezczyzni kochaja zolzy.pdf
[2013-03-22 19:04:20 | 026,504,568 | ---- | M] () -- C:\Users\Kasia\Desktop\Draus, Terlecki - Historia wychowania t.2.pdf
[2013-03-22 12:07:33 | 262,166,955 | ---- | M] () -- C:\Users\Kasia\Desktop\Bartnicka K., Szybiak I. - Zarys historii wychowania.pdf
[2013-03-22 11:59:43 | 023,625,288 | ---- | M] () -- C:\Users\Kasia\Desktop\Stulecie dziecka R.3 Wychowanie.pdf
[2013-03-16 07:30:42 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013-03-15 15:29:50 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Studenckie życie.lnk
[2013-03-13 01:43:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-03-13 01:43:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-03-06 13:44:33 | 315,992,531 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013-03-25 13:30:12 | 001,941,217 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\Cat.DB
[2013-03-25 13:29:34 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccsetx86.cat
[2013-03-25 13:29:34 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.inf
[2013-03-25 13:29:34 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\isolate.ini
[2013-03-25 13:29:28 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013-03-25 13:29:28 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013-03-25 13:29:16 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013-03-25 13:28:34 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.inf
[2013-03-25 13:28:34 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.inf
[2013-03-25 13:28:34 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNetV.inf
[2013-03-25 13:28:34 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNet.inf
[2013-03-25 13:28:34 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.inf
[2013-03-25 13:28:34 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.inf
[2013-03-25 13:28:34 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\symELAM.inf
[2013-03-25 13:28:34 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.inf
[2013-03-25 13:28:34 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\Iron.inf
[2013-03-25 13:28:17 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymVTcer.dat
[2013-03-25 13:28:17 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymELAM.cat
[2013-03-25 13:28:17 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\symnetv.cat
[2013-03-25 13:28:17 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\ccsetx86.cat
[2013-03-25 13:28:17 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNet.cat
[2013-03-25 13:28:17 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\iron.cat
[2013-03-25 13:28:17 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.cat
[2013-03-25 13:28:17 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.cat
[2013-03-25 13:28:17 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.cat
[2013-03-25 13:28:17 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.cat
[2013-03-25 13:28:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\isolate.ini
[2013-03-23 23:51:02 | 001,536,596 | ---- | C] () -- C:\Users\Kasia\Desktop\Argov Sherry - Dlaczego mezczyzni kochaja zolzy.pdf
[2013-03-23 15:28:46 | 026,504,568 | ---- | C] () -- C:\Users\Kasia\Desktop\Draus, Terlecki - Historia wychowania t.2.pdf
[2013-03-22 12:00:39 | 262,166,955 | ---- | C] () -- C:\Users\Kasia\Desktop\Bartnicka K., Szybiak I. - Zarys historii wychowania.pdf
[2013-03-22 11:59:06 | 023,625,288 | ---- | C] () -- C:\Users\Kasia\Desktop\Stulecie dziecka R.3 Wychowanie.pdf
[2013-03-15 15:29:50 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Studenckie życie.lnk
[2013-02-20 21:32:58 | 000,009,014 | ---- | C] () -- C:\Users\Kasia\AppData\Local\recently-used.xbel
[2013-01-17 21:41:44 | 000,019,851 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\UserTile.png
[2012-12-30 01:17:52 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempzA4812.html
[2012-12-30 01:17:52 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TemptT4812.html
[2012-11-12 21:38:34 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempbO2964.html
[2012-11-01 16:30:47 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempAn5524.html
[2012-09-19 16:28:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012-09-19 16:27:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012-08-09 14:03:40 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempol4024.html
[2012-08-08 12:19:54 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempef5932.html
[2012-07-31 14:32:45 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012-07-13 20:51:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012-07-07 22:38:53 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempSP4152.html
[2012-06-10 14:01:06 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempaI2892.html
[2012-06-10 14:00:23 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Temppo4348.html
[2012-06-10 14:00:23 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempBq4348.html
[2012-05-22 21:47:18 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempBi1400.html
[2012-05-21 19:09:46 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempyt4400.html
[2012-05-21 19:09:46 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempbB4400.html
[2012-05-19 23:26:57 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempmj3872.html
[2012-05-17 22:45:04 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempZh5672.html
[2012-05-16 15:09:40 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempgq2684.html
[2012-05-16 15:09:40 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempWq2684.html
[2012-05-14 18:12:00 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Temphe3076.html
[2012-05-14 18:12:00 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Temptr3076.html
[2012-05-13 20:12:45 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempDA2516.html
[2012-05-08 22:02:33 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempA13196.html
[2012-05-08 22:02:33 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempB13196.html
[2012-05-07 11:29:49 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempqA3280.html
[2012-05-07 11:29:49 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempCt3280.html
[2012-05-04 18:08:43 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TemprA4572.html
[2012-04-29 21:33:11 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempiI4724.html
[2012-04-29 21:33:11 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempuW4724.html
[2012-04-21 10:38:35 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempbS5704.html
[2012-04-18 19:57:38 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempbh3016.html
[2012-04-18 19:57:38 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Temphe3016.html
[2012-04-16 16:52:47 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempRB7780.html
[2012-04-16 16:52:47 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TemphS7780.html
[2012-04-12 19:57:28 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempwI5404.html
[2012-04-12 19:57:28 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TemplV5404.html
[2012-04-11 19:13:02 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempfz3156.html
[2012-04-10 20:57:02 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempTL1088.html
[2012-04-10 20:57:02 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempue1088.html
[2012-04-09 12:04:45 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempbw3440.html
[2012-04-09 12:04:45 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempfD3440.html
[2012-04-08 18:46:33 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempvC1648.html
[2012-04-08 18:46:33 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempAs1648.html
[2012-04-08 14:54:57 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempWi5552.html
[2012-04-08 14:54:57 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempDz5552.html
[2012-04-07 19:01:24 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempnmm516.html
[2012-04-07 14:14:51 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempSn1344.html
[2012-04-06 13:12:14 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempwX5708.html
[2012-04-06 13:12:14 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempXm5708.html
[2012-04-05 22:42:39 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempJB5128.html
[2012-04-02 23:02:49 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempLC3584.html
[2012-04-02 23:02:49 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempLO3584.html
[2012-04-01 22:21:12 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempZj3760.html
[2012-03-31 22:14:10 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempvZn268.html
[2012-03-31 22:14:10 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempHDd268.html
[2012-03-30 12:12:02 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempxY1976.html
[2012-03-29 13:50:13 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\Tempzb2704.html
[2012-03-24 17:46:17 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempHy5596.html
[2012-03-24 17:46:17 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempoW5596.html
[2012-03-18 00:18:09 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempLF1412.html
[2012-03-18 00:18:09 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempAZ1412.html
[2012-03-17 11:16:16 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempKh6032.html
[2012-03-15 22:06:16 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempYK3140.html
[2012-03-15 22:06:16 | 000,002,089 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TempUr3140.html
[2012-03-14 23:02:49 | 000,002,432 | ---- | C] () -- C:\Users\Kasia\AppData\Local\TemppD2608.html
[2011-12-26 01:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011-12-25 20:14:59 | 000,716,813 | ---- | C] () -- C:\Windows\unins000.exe
[2011-12-25 20:07:59 | 000,301,223 | ---- | C] () -- C:\Windows\unins000.dat
[2011-12-25 20:01:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011-12-25 14:41:00 | 000,000,767 | ---- | C] () -- C:\Users\Kasia\EPSON Scan.lnk
[2011-11-27 16:59:05 | 000,036,864 | ---- | C] () -- C:\Windows\StmClean.exe
[2011-11-10 00:17:38 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011-05-25 16:10:26 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011-03-28 11:45:45 | 000,000,137 | ---- | C] () -- C:\Windows\disney.ini
[2011-03-28 11:45:08 | 000,000,183 | ---- | C] () -- C:\Windows\disneysy.ini
[2010-05-02 01:21:47 | 000,000,680 | ---- | C] () -- C:\Users\Kasia\AppData\Local\d3d9caps.dat
[2010-01-10 16:48:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-11-20 17:37:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-11-20 15:14:27 | 000,078,848 | ---- | C] () -- C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-20 15:02:12 | 000,000,000 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012-07-30 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012-07-30 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\AnvSoft
[2011-07-07 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Ashampoo
[2012-07-30 20:34:18 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\avidemux
[2013-02-26 21:50:33 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Babylon
[2013-02-26 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\BESTplayer
[2012-05-08 01:09:20 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\BitComet
[2009-11-28 18:24:03 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\DAEMON Tools Lite
[2011-03-28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Desperate Housewives
[2011-12-25 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Epson
[2012-07-30 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2011-04-27 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Gadu-Gadu 10
[2010-10-18 12:45:01 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\GameHouse
[2012-09-23 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\GOL_byHasbro
[2010-10-30 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\gtk-2.0
[2009-11-20 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\InterVideo
[2012-07-30 22:17:40 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\iOrgsoft
[2012-07-30 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\MAGIX
[2009-11-20 17:01:06 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\OpenFM
[2013-03-15 15:32:25 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Origin
[2013-01-17 21:41:43 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\PeerNetworking
[2010-03-28 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\pl.TribalDDB.WidgetLipton
[2011-11-03 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\ProtectDISC
[2012-03-14 22:57:31 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Samsung
[2011-05-25 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\SoftMaker
[2012-11-11 15:42:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Techland
[2010-02-19 19:10:47 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Template
[2011-08-09 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Thinstall
[2009-11-21 01:37:11 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\WildTangent
[2012-09-19 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Windows Live Writer
[2013-03-19 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947}
[2013-03-19 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:322EAACD

< End of report >

[/log]

Extras:

[log]OTL Extras logfile created on: 2013-03-25 17:08:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kasia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,93 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 43,58% Memory free
6,06 Gb Paging File | 4,47 Gb Available in Paging File | 73,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 71,74 Gb Free Space | 32,19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: KASIA-PC | User Name: Kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDA1B74-96A8-48FD-9F55-B2C68379F693}" = rport=137 | protocol=17 | dir=out | app=system |
"{1287BE74-4396-4EEA-9489-71770657687F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C05CFB4-7A8D-4138-A524-101B7468B4B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E823C07-FBC9-42CB-8651-62C42ECC0FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25892806-4E5A-42A3-A918-790B5CCB1E56}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39799EF2-E9D8-444B-B91E-10587C0326F9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5A6667E8-FAC9-4DF6-B70B-B81D01EF19F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{684441B7-8670-4215-B941-CA08B2D26577}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{709D619E-8FC3-4CF3-BCFB-0DA1B3743227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72D0EE57-8184-4502-9D45-86995A747250}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75BA060B-926B-43EA-AF32-29F9AACF352C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E6E6F29-CE7B-4F06-ACC9-2E2A31222156}" = lport=2869 | protocol=6 | dir=in | app=system |
"{981B076E-6994-458D-8B98-95AAC77D3A05}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3D49045-D837-48D2-959B-F038616A3C71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A66EC303-3AAD-4722-B34B-1C7C686966D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B63B1C7C-F198-44A4-82DA-511B5B2EE0DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B92E9C9C-B184-460A-9F05-E35C4AFF8D67}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD8EA4D3-857E-4EBF-A386-87BD1A53401E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAF48782-34D0-452B-84A5-314861CA71BC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD6947FD-6037-4C77-9D1D-21CB7FFF20BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{E74A0E60-D2BE-465F-82BC-8AB78BDF8C8B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EE44A019-BD92-4CD9-96DD-BB7922B5915D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F71E0B25-0C8C-4B3E-8B75-E1E0ED995E7E}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB55B525-B20D-404E-BF71-BE87D9F0A67D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05632EA6-ACB4-4E3A-9C7A-96CFA4525657}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0FB84AAE-093D-4AF6-A696-EABB6A318F82}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1495130B-98A8-407A-B541-AF8D186CC24C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{17227E8B-846B-41BE-BB6F-8E156DB5304B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C06770D-B512-46B6-BBC9-CD625008BA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8E264F-EF6E-440A-84AF-53019C68C701}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8A51BE-814C-4E1B-A045-6C8DA54E73D4}" = protocol=17 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"{1EE82C6D-3AE2-4E96-8E00-E9FF4C311A7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21B4451E-2201-4D83-ACE2-F97AEA3DD200}" = protocol=6 | dir=in | app=d:\release\orange.exe |
"{269383C0-B49B-4EAD-8D6E-75F8E729F48B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2722B3B7-B21D-44BB-9620-6E96765A4090}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D7DEADD-0E1F-41F9-8C65-0F4173722E10}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35BCEDCC-6616-4822-8CD3-E83947F3A703}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45A6B5A1-8A69-42A7-A1A3-5B5A1CE36001}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5350C43E-BFC9-4E07-AEC2-A4EDC0BBDE06}" = protocol=17 | dir=in | app=c:\users\kasia\downloads\videoconvertersetup.exe |
"{57F04511-C495-4BE3-BB3D-DEFCF7FF4F98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6081A98F-8386-4087-914B-11A08A123126}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{611AA4B5-EFA1-4FE4-9A62-505A336CC01F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{66ABE979-2890-4E17-AA55-A50300441317}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{72A8D00A-B6FC-44D7-A0E7-1C1D7D7D86EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{73176B8E-0AC7-44FF-8ACF-E38B4B05AA1B}" = protocol=6 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"{75769EE7-08AF-47DC-B428-35087A335BF4}" = protocol=17 | dir=in | app=d:\release\orange.exe |
"{7AF251DB-25C6-4067-B8D8-840D45FB5D26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F6BC29-56B6-4AF7-BEB7-DED9E0788991}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{827294F5-8EC3-4559-AB2B-A2C21351D553}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{82DEE76C-09D8-4A2D-83E2-868F6F90FB9E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{87CD9D0A-7E77-4902-AA3B-57F24A1E1A19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{892E7D9C-73D4-4268-B376-FD1FC0972635}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B5B1C63-88DE-4026-BD4E-758AC5C2AF80}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{97A4BE55-F5A0-4E78-9E50-E755D6711340}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9BD6C0C0-FF91-4C21-8C7A-9F7973D43B6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A7B77F70-4B02-4EEA-9435-581FAB53AA13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACA43155-AB54-425A-9F6B-E1CB20C72FB0}" = protocol=6 | dir=in | app=c:\users\kasia\downloads\videoconvertersetup.exe |
"{AE72AD78-B116-4C90-9335-BAB64506430E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B1702411-9FBA-4D6D-942F-D88F3E85F87B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B92D33C2-E32D-4242-B842-3BB20A78BE8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAB20793-53F5-4EB0-B0D6-476962134A9B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BD4E02D1-BF45-4255-B27B-0B3E55079641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDAB6725-F289-4B81-95F1-FF5BF0ACB582}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{BEC6F577-C17F-4587-A97C-D89626EFF3A7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BEE558AE-37AC-4C17-AB40-FCDF51E88606}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C34E56D1-CC52-4E70-92B9-D8D14A100480}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE19EC83-F2F4-45D5-B8AB-6506F135860B}" = protocol=6 | dir=out | app=system |
"{D26077A8-10C4-4B38-A2AA-8EA6262F8EE1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D89BA2B1-6D90-4E7E-917D-C4D38F996BA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E187F43A-5F09-4674-B969-D5A17D3A0AD4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E82F003F-FF8C-46FB-9FBC-EE319647BFCD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E90AFD5B-6728-48FD-AAFB-AC5C1C832CAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9D9C135-300F-4D2D-8494-3D3A5995227A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F19C0434-9F53-421D-9480-0B15DB9A1366}" = protocol=6 | dir=in | app=d:\release\orange.exe |
"{F2A31CA5-EF41-4350-B6D6-191CF4B5CD12}" = protocol=17 | dir=in | app=d:\release\orange.exe |
"TCP Query User{264304F3-20F4-487F-BFF3-7B4A7CC7B31C}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{2D917B6A-24E5-4932-AD53-9A990F1963A8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{3818DEBB-463C-4528-A566-5BE4911205F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{50800942-BCDA-44E9-815E-5D9CCA843F6F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5D818891-7D0C-4836-B91C-EA5D1F82353E}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{A727C7EF-94E4-427B-B49C-315A35DD4451}C:\users\kasia\programy\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"TCP Query User{EC3214C7-7A38-4A62-A11E-3EE1EEA1C8ED}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=6 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"TCP Query User{F9E0B17B-A19C-41E0-ABA5-A0DC40FD5240}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=6 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"UDP Query User{0424EE81-3CFD-483B-872A-D90386B09D5D}C:\users\kasia\programy\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"UDP Query User{451FF5DC-5F65-4E32-A626-97066DF64071}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=17 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"UDP Query User{49F6FFD0-07E3-4DC7-8F19-014074EEB9EC}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{8534547F-7FFD-446E-A2D2-3677A010E288}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{9D2F751A-D589-446E-ABEF-39DEFC0CBA57}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A3C23D71-6800-4835-B267-416C27FA7C2F}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{C9453275-F7CD-4C00-A4F1-736D300401DF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{FEBD908D-2301-4C2C-9EE8-219F71938E44}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=17 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Cztery pory roku
"{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD824F7-41B7-4D87-9D6D-B58CCA583439}_is1" = Karaoke for Fun - eXtra Hity
"{5CC4A526-F9C8-4911-B214-AC8AA3EE50D1}_is1" = Defrikz - Latino
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Średniowiecze
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{91013A60-09F1-48F1-A749-186FDF498E72}_is1" = Defrikz - Happy Day
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94B4E2D8-A184-415C-BF9E-F699D76466BD}" = Heroes of Might and Magic IV - Złota Edycja
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C3335EFB-008F-44DB-A87A-9EC8EE53D045}" = Windows Live Sync
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB28F26-D11B-426F-A415-AA95001BBF8C}}_is1" = Dance Party
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Pokolenia
"{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 Studenckie życie
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"AutocompletePro2_is1" = AutocompletePro
"BitComet" = BitComet 1.32
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"eMachines Screensaver" = eMachines ScreenSaver
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"EPSON SX130 Series Useg" = Przewodnik użytkownika EPSON SX130 Series
"ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
"FormatFactory" = FormatFactory 2.96
"Gadu-Gadu 10" = Gadu-Gadu 10
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 pl)" = Mozilla Firefox 19.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mój Fitness" = Mój Fitness
"NapiProjekt_is1" = NapiProjekt 1.0.6.7
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"OpenAL" = OpenAL
"Origin" = Origin
"Pampers Zloty Sen_is1" = Pampers Zloty Sen
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"VLC media player" = VLC media player 2.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JScreenFix deluxe" = JScreenFix deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksdb.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksCal.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:05:43 | Computer Name = Kasia-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd Orange.exe, wersja 0.0.0.0, sygnatura czasowa
 0x482d6307, moduł powodujący błąd Orange.exe, wersja 0.0.0.0, sygnatura czasowa
 0x482d6307, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000da1d,  identyfikator
 procesu 0xb4c, godzina rozpoczęcia aplikacji 0x01cbf93be1d81191.
 
Error - 2011-04-12 18:33:47 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksss.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksdb.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksCal.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-15 06:52:40 | Computer Name = Kasia-PC | Source = RasClient | ID = 20227
Description =
 
[ OSession Events ]
Error - 2011-03-09 02:26:04 | Computer Name = Kasia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1795
 seconds with 840 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-03-12 14:33:05 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2013-03-14 20:40:07 | Computer Name = Kasia-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2013-03-19 09:03:27 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2013-03-23 08:02:53 | Computer Name = Kasia-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 12:56:11 na 2013-03-23 było nieoczekiwane.
 
Error - 2013-03-23 08:03:59 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2013-03-23 22:50:01 | Computer Name = Kasia-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2013-03-24 07:38:35 | Computer Name = Kasia-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 12:36:14 na 2013-03-24 było nieoczekiwane.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
 
< End of report >

[/log]

And I'm attaching a screenshot illustrating the problem.
 

Tomek01
comment

Uninstall Babylon toolbar from Control Panel.

In OTL, paste the following into the custom script window:

[spoiler]

:OTL

IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000235ae77995
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-30 23:26:25&v=12.1.0.21&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true

[2013-03-25 13:30:03 | 000,000,000 | ---D | M] (Norton Identity Safe Toolbar) -- C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN

O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)

F3 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000 WinNT: Load - (C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com) - C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com (ATEa)

[2013-02-26 21:50:33 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\Babylon
[2013-02-26 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2009-11-20 15:02:12 | 000,000,000 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\wklnhst.dat

[2013-02-26 21:50:33 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Babylon

[2013-03-19 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947}
[2013-03-19 21:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9}

@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:322EAACD

 

:files

C:\Users\Kasia\AppData\Local\Temp*

[emptytemp]

[/spoiler]

 

Click Run Fix, the system restarts, and OTL generates a report, which I'd like you to post.

 

Run ADWCleaner with the deletion option and attach that report as well.

 

After all that, post a new OTL log made with the Run Scan option.

 

 

Paste the following into System Look (http://www.instalki.pl/programy/download_c/119/13567.html):

[spoiler]

:file

C:\Windows\system32\drivers\agpc6czh.sys

[/spoiler]

 

Press Look and show what came up.
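A defender-side check for the kind of entry the fix script above removes, as an added example that is not part of the original post or of OTL: it parses OTL-style lines and flags load-point entries whose target executable sits in a temp directory, such as the `Load` value pointing at `Temp\mscvewc.com`. The line format is inferred only from the lines quoted in the post, and the names `triage`, `extract_paths`, `reasons_for` and `Finding` are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the fix script in the post above (no constructed entries).
SAMPLE = r"""
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
F3 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000 WinNT: Load - (C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com) - C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com (ATEa)
[2013-02-26 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
"""

# Assumption: a line that starts with "<letter><digits> - " is a registry
# load-point entry (the post shows "O3" and "F3"); other lines are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# Absolute Windows path ending in an executable or script extension. The
# lookahead keeps a double extension such as "a.com.exe" in one piece.
PATH = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^()"<>|\r\n]*?'
    r'\.(?:exe|com|scr|pif|bat|cmd|vbs|js|dll)(?![\w.])',
    re.IGNORECASE,
)

TEMP_DIRS = {"temp", "tmp"}
UNCOMMON_EXT = {"com", "scr", "pif"}


class Finding(NamedTuple):
    code: str                 # line code, e.g. "F3"
    path: str                 # target file the entry points at
    reasons: Tuple[str, ...]  # why the entry deserves a closer look


def extract_paths(text: str) -> List[str]:
    """Return the unique file paths in text, in order of appearance."""
    seen, out = set(), []
    for match in PATH.finditer(text):
        path = match.group(0)
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


def reasons_for(path: str) -> Tuple[str, ...]:
    """Explain why a load-point target looks suspicious (empty if it does not)."""
    parts = path.split("\\")
    dirs = [p.lower() for p in parts[1:-1]]   # drop the drive and the file name
    ext = parts[-1].rsplit(".", 1)[-1].lower()
    reasons = []
    # Component-based check, so short-name forms like LOCALS~1\Temp are caught.
    if any(d in TEMP_DIRS for d in dirs):
        reasons.append("target runs from a temp directory")
    if ext in UNCOMMON_EXT:
        reasons.append("uncommon executable type ." + ext)
    return tuple(reasons)


def triage(log_text: str) -> List[Finding]:
    """Flag load-point entries whose target has at least one reason attached."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        for path in extract_paths(entry.group("rest")):
            reasons = reasons_for(path)
            if reasons:
                findings.append(Finding(entry.group("code"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.code, f.path, "; ".join(f.reasons))
```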

Tomek01
comment

Zayfi, that's obvious, although the log doesn't show an infection from the USB drive.

Zayfi
comment

Zayfi, that's obvious, although the log doesn't show an infection from the USB drive.

It doesn't show because the infection is on the USB stick, not in the system. :cfaniak:

Tomek01
comment

We're talking about the same thing ;) The junk should be cleaned out of the system too, and the order in which you do it probably doesn't matter in this case.

Karolas
comment

So: I couldn't uninstall the Babylon toolbar through Control Panel, because it isn't on the list with the other programs. Below I'm attaching the requested logs and reports:

OTL report:

[log]All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
HKU\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN\content folder moved successfully.
C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN\components folder moved successfully.
C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN\chrome\skin folder moved successfully.
C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN\chrome folder moved successfully.
C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\COFFPLGN folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}\ deleted successfully.
C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll moved successfully.
File move failed. C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com deleted successfully.
C:\Users\Kasia\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Kasia\AppData\Roaming\wklnhst.dat moved successfully.
Folder C:\Users\Kasia\AppData\Roaming\Babylon\ not found.
C:\Users\Kasia\AppData\Roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947} folder moved successfully.
C:\Users\Kasia\AppData\Roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9} folder moved successfully.
ADS C:\ProgramData\TEMP:322EAACD deleted successfully.
========== FILES ==========
C:\Users\Kasia\AppData\Local\Temp\~~~ArcSoftDownLoad folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{da87d6c8-5d6c-46fa-b6cb-0eb738862ebe} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{DA5CC546-F544-45A9-9672-31848CE0F0A7}\Disk1 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{DA5CC546-F544-45A9-9672-31848CE0F0A7} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{D56BC5EB-66AB-4123-A2E7-F69D7367A602} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{D4EB5914-D769-4338-BEE5-F1D6FDA19B09} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{ca613dea-01b8-4702-8683-5495837a1b70} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{C1D865E1-EDB7-44FD-8BBD-D3D9B506E537} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{BCC3922E-B15B-4DB9-8230-393CFBAC0825} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{b3745d68-55a3-4211-94e9-d37982ed7ac9} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{AB328F11-1D65-426A-89B5-A6DBE5B53031} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{9A9B1473-A3BF-763F-BB5C-06B2E2216216} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{9047133f-b9ec-4ca5-9030-3681ea6034f9} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{62ECBD00-9532-47FF-9E6F-413192BA3172}\Disk1 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{62ECBD00-9532-47FF-9E6F-413192BA3172} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{62e876b1-057d-46bc-86f6-615d007a408f} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{2a6479ef-48cc-41ac-9536-f1f0354a34b2} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{26fa6950-4d53-43d8-aaa9-149001dad9b0} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{1e41ab0d-adf2-4249-a516-212b1e2aeaba} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{1d9916bb-b10b-4f8e-b0e0-2651ddf32974} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{158fa763-09e9-4200-9bc8-cae028a04491} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\{12866684-5af3-4c90-ae75-63207ebab9b2} folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\_ir_sf_temp_0 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\VEM folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\V9Zip_000 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\TempThumbDir folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZP3N4QST folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XIA35OX5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XD16HSHZ folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\74H2CILS folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\TempDir folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Rar$DR02.069\NW folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Rar$DR02.069 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-45 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-44 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-43 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-42 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-41 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-40 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-39 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-38 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-37 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-36 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-35 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-34 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-33 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-32 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-31 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-30 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-29 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-28 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-27 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-26 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-25 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-24 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-23 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-22 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-21 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-20 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-19 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-18 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-17 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-16 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-15 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Origin folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\908d62ae21ea015b0ab8eb9e25515afe folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f\831fc6f9901af1fd98115b5a10864eef folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\OCS\Downloads\9f8cc62c3640bf6eb115b4c78bb22a3f folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\OCS\Downloads folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\OCS folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mt_ffx\Delta\delta folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mt_ffx\Delta folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mt_ffx folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\MSI folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mProjector957005698 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\mozilla-media-cache folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Low\hsperfdata_Kasia folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\is-6S9PD.tmp folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\InterVideo\Cap folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\InterVideo folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\hsperfdata_Kasia folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\History folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\EE55B3C9-BAB0-7891-AE90-E65127B1BB33\Latest\HtmlScreens folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\EE55B3C9-BAB0-7891-AE90-E65127B1BB33\Latest folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\EE55B3C9-BAB0-7891-AE90-E65127B1BB33 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\DWD1860.tmp folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\CDM folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\bc_tmp folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\bc_cache folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\skin folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\zh-tw folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\zh-cn folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\tr folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\sr folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\sk folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\ru folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\pt-br folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\pt folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\pl folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\nl folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\ms folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\ko folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\ja folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\it folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\id folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\hu folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\fr folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\es-es folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\es folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\en folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\de folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\da folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale\cs folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules\locale folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\modules folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\locale\en-US folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\locale folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\components folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar\chrome folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\avg@toolbar folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\AutoRun folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\AskToolbarTemp folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\ArcUpdater folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\APNLogs folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\APN-Stub folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Adobe\Acrobat\10.0 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\TFIWSZ1Y folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\756VPKOV folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\48M05TZ3 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\033CRUIJ folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\History\History.IE5 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\History folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir\Cookies folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\161120102013Pampers Zloty Sen folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192107-00000668-b85esyd4bh folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192104-00000668-zuywzye9ik folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192104-00000668-vk7dmu7gzm folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192103-00000668-6kw2fe1jsl folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192101-00000668-n32u02lp4f folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09192051-00000668-01vnpa15d1 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09191922-00000f34-bdn5px1ulu folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09191657-000010c8-rerdg9z8t0 folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\09191438-00000ab8-429nmlmdik folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\08072223-00000ca8-eg7f9z4l2q folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\.viv\cache folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp\.viv folder moved successfully.
C:\Users\Kasia\AppData\Local\Temp folder moved successfully.
C:\Users\Kasia\AppData\Local\TempA13196.html moved successfully.
C:\Users\Kasia\AppData\Local\TempaI2892.html moved successfully.
C:\Users\Kasia\AppData\Local\TempAn5524.html moved successfully.
C:\Users\Kasia\AppData\Local\TempAs1648.html moved successfully.
C:\Users\Kasia\AppData\Local\TempAZ1412.html moved successfully.
C:\Users\Kasia\AppData\Local\TempB13196.html moved successfully.
C:\Users\Kasia\AppData\Local\TempbB4400.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempbh3016.html moved successfully.
C:\Users\Kasia\AppData\Local\TempBi1400.html moved successfully.
C:\Users\Kasia\AppData\Local\TempbO2964.html moved successfully.
C:\Users\Kasia\AppData\Local\TempBq4348.html moved successfully.
C:\Users\Kasia\AppData\Local\TempbS5704.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempbw3440.html moved successfully.
C:\Users\Kasia\AppData\Local\TempCt3280.html moved successfully.
C:\Users\Kasia\AppData\Local\TempDA2516.html moved successfully.
C:\Users\Kasia\AppData\Local\TempDz5552.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempef5932.html moved successfully.
C:\Users\Kasia\AppData\Local\TempfD3440.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempfz3156.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempgq2684.html moved successfully.
C:\Users\Kasia\AppData\Local\TempHDd268.html moved successfully.
C:\Users\Kasia\AppData\Local\Temphe3016.html moved successfully.
C:\Users\Kasia\AppData\Local\Temphe3076.html moved successfully.
C:\Users\Kasia\AppData\Local\TemphS7780.html moved successfully.
C:\Users\Kasia\AppData\Local\TempHy5596.html moved successfully.
C:\Users\Kasia\AppData\Local\TempiI4724.html moved successfully.
C:\Users\Kasia\AppData\Local\TempJB5128.html moved successfully.
C:\Users\Kasia\AppData\Local\TempKh6032.html moved successfully.
C:\Users\Kasia\AppData\Local\TempLC3584.html moved successfully.
C:\Users\Kasia\AppData\Local\TempLF1412.html moved successfully.
C:\Users\Kasia\AppData\Local\TempLO3584.html moved successfully.
C:\Users\Kasia\AppData\Local\TemplV5404.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempmj3872.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempnmm516.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempol4024.html moved successfully.
C:\Users\Kasia\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Users\Kasia\AppData\Local\TempoW5596.html moved successfully.
C:\Users\Kasia\AppData\Local\TemppD2608.html moved successfully.
C:\Users\Kasia\AppData\Local\Temppo4348.html moved successfully.
C:\Users\Kasia\AppData\Local\TempqA3280.html moved successfully.
C:\Users\Kasia\AppData\Local\TemprA4572.html moved successfully.
C:\Users\Kasia\AppData\Local\TempRB7780.html moved successfully.
C:\Users\Kasia\AppData\Local\TempSn1344.html moved successfully.
C:\Users\Kasia\AppData\Local\TempSP4152.html moved successfully.
C:\Users\Kasia\AppData\Local\TempTL1088.html moved successfully.
C:\Users\Kasia\AppData\Local\Temptr3076.html moved successfully.
C:\Users\Kasia\AppData\Local\TemptT4812.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempue1088.html moved successfully.
C:\Users\Kasia\AppData\Local\TempUr3140.html moved successfully.
C:\Users\Kasia\AppData\Local\TempuW4724.html moved successfully.
C:\Users\Kasia\AppData\Local\TempvC1648.html moved successfully.
C:\Users\Kasia\AppData\Local\TempvZn268.html moved successfully.
C:\Users\Kasia\AppData\Local\TempwI5404.html moved successfully.
C:\Users\Kasia\AppData\Local\TempWi5552.html moved successfully.
C:\Users\Kasia\AppData\Local\TempWq2684.html moved successfully.
C:\Users\Kasia\AppData\Local\TempwX5708.html moved successfully.
C:\Users\Kasia\AppData\Local\TempXm5708.html moved successfully.
C:\Users\Kasia\AppData\Local\TempxY1976.html moved successfully.
C:\Users\Kasia\AppData\Local\TempYK3140.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempyt4400.html moved successfully.
C:\Users\Kasia\AppData\Local\TempzA4812.html moved successfully.
C:\Users\Kasia\AppData\Local\Tempzb2704.html moved successfully.
C:\Users\Kasia\AppData\Local\TempZh5672.html moved successfully.
C:\Users\Kasia\AppData\Local\TempZj3760.html moved successfully.
File\Folder [emptytemp] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03252013_202343

Files\Folders moved on Reboot...
C:\Users\Kasia\LOCALS~1\Temp\mscvewc.com moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[/log]

Report from ADWCleaner:

[log]# AdwCleaner v2.115 - Log utworzony 25/03/2013 o 20:34:46
# Aktualizacja 17/03/2013 przez Xplode
# System operacyjny : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Użytkownik : Kasia - KASIA-PC
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Users\Kasia\Desktop\adwcleaner_www.INSTALKI.pl.exe
# Opcja [Usuń]


***** [Usługi] *****


***** [Pliki / Foldery] *****

Folder Usunięto : C:\Program Files\AutocompletePro
Plik Usunięto : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Plik Usunięto : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Plik Usunięto : C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default\searchplugins\delta.xml

***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\536dadbb638ba41
Klucz Usunięto : HKCU\Software\BabylonToolbar
Klucz Usunięto : HKCU\Software\DataMngr
Klucz Usunięto : HKCU\Software\DataMngr_Toolbar
Klucz Usunięto : HKCU\Software\IGearSettings
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro2_is1
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKLM\SOFTWARE\536dadbb638ba41
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Klucz Usunięto : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro2_is1
Wartość Usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Rejestr w porządku.

-\\ Mozilla Firefox v19.0.2 (pl)

Plik : C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default\prefs.js

C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\eb9urnun.default\user.js ... Usunięto !

Usunięto : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntr[...]
Usunięto : user_pref("avg.install.userSPSettings", "Delta Search");
Usunięto : user_pref("extensions.BabylonToolbar_i.newTab", true);
Usunięto : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119828&babsrc[...]
Usunięto : user_pref("extensions.delta.admin", false);
Usunięto : user_pref("extensions.delta.aflt", "babsst");
Usunięto : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Usunięto : user_pref("extensions.delta.autoRvrt", "false");
Usunięto : user_pref("extensions.delta.dfltLng", "en");
Usunięto : user_pref("extensions.delta.excTlbr", false);
Usunięto : user_pref("extensions.delta.id", "804224f000000000000000235ae77995");
Usunięto : user_pref("extensions.delta.instlDay", "15762");
Usunięto : user_pref("extensions.delta.instlRef", "sst");
Usunięto : user_pref("extensions.delta.newTab", false);
Usunięto : user_pref("extensions.delta.prdct", "delta");
Usunięto : user_pref("extensions.delta.prtnrId", "delta");
Usunięto : user_pref("extensions.delta.rvrt", "false");
Usunięto : user_pref("extensions.delta.smplGrp", "none");
Usunięto : user_pref("extensions.delta.tlbrId", "base");
Usunięto : user_pref("extensions.delta.tlbrSrchUrl", "");
Usunięto : user_pref("extensions.delta.vrsn", "1.8.10.0");
Usunięto : user_pref("extensions.delta.vrsnTs", "1.8.10.021:50:53");
Usunięto : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[S1].txt - [5269 octets] - [25/03/2013 20:34:46]

########## EOF - C:\AdwCleaner[S1].txt - [5329 octets] ##########

[/log]

New logs from OTL:


[log]OTL logfile created on: 2013-03-26 12:45:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kasia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,93 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 57,02% Memory free
6,06 Gb Paging File | 4,84 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 71,43 Gb Free Space | 32,05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: KASIA-PC | User Name: Kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-03-25 20:27:16 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kasia\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2013-03-25 17:06:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
PRC - [2013-03-13 01:43:33 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013-03-08 21:31:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-12-24 05:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
PRC - [2012-12-23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-08-30 09:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009-11-19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009-10-30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Users\Kasia\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009-04-03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2009-04-03 19:54:40 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
PRC - [2009-02-12 05:20:52 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-03-13 01:43:33 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013-03-08 21:31:46 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-05-30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\wincfi39.dll
MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013-03-13 01:43:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-08 21:31:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-12-24 05:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe -- (NCO)
SRV - [2012-12-23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe -- (NAV)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-12-28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Users\Kasia\Programy\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009-04-03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008-05-05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-01-21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (avsbw25w)
DRV - [2013-03-25 13:29:28 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013-03-24 17:18:23 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130325.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2013-03-24 17:18:23 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013-03-24 17:18:23 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130325.024\NAVENG.SYS -- (NAVENG)
DRV - [2013-03-22 15:39:26 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130323.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013-01-31 02:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-01-30 20:18:18 | 000,350,368 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\symtdiv.sys -- (SYMTDIv)
DRV - [2013-01-30 20:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.sys -- (SymEFA)
DRV - [2013-01-28 18:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013-01-28 18:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013-01-21 19:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.sys -- (SymDS)
DRV - [2013-01-16 03:57:39 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012-11-16 04:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.sys -- (ccSet_NST)
DRV - [2012-11-15 19:22:02 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\Ironx86.sys -- (SymIRON)
DRV - [2012-11-15 19:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.sys -- (ccSet_NAV)
DRV - [2010-02-24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009-11-28 18:16:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009-04-10 20:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-01-15 04:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008-09-25 00:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006-11-10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006-11-03 23:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes,DefaultScope = {B04B3FF7-2D9A-409E-9BE9-522CD3130A2E}
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\SearchScopes\{B04B3FF7-2D9A-409E-9BE9-522CD3130A2E}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}
IE - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: player%40vividas.com:4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: player@vividas.com:4.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013-03-25 13:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013-03-26 11:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-03-08 21:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-03-08 21:31:39 | 000,000,000 | ---D | M]
 
[2009-11-20 16:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasia\AppData\Roaming\mozilla\Extensions
[2013-02-27 12:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions
[2012-04-25 19:00:29 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010-12-19 15:45:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011-03-05 21:14:07 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\Kasia\AppData\Roaming\mozilla\Firefox\Profiles\eb9urnun.default\extensions\player@vividas.com
[2013-03-08 21:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-03-08 21:31:38 | 000,000,000 | ---D | M] (Blokowanie banerów) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013-03-08 21:31:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2013-03-08 21:31:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-01-12 09:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012-04-17 21:15:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-02-10 15:45:50 | 000,180,896 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2013-02-27 12:49:04 | 000,002,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-02-27 12:49:04 | 000,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-27 12:49:04 | 000,001,130 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-27 12:49:04 | 000,001,071 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-27 12:49:04 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-27 12:49:04 | 000,001,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Kasia\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No CLSID value found.
O3 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [C:\Windows\system32\V0260Ext.ax] C:\Windows\System32\V0260Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000..\Run: [ALLUpdate] C:\Users\Kasia\Programy\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000..\Run: [DAEMON Tools Lite] C:\Users\Kasia\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Users\Kasia\Programy\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Users\Kasia\Programy\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Users\Kasia\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-935725864-1806392070-3744808875-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D87AB810-C024-4A10-9E90-71BDAB79317E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{df46989d-dc41-11de-b22c-00235ae77995}\Shell - "" = AutoRun
O33 - MountPoints2\{df46989d-dc41-11de-b22c-00235ae77995}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-03-25 20:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Local\Temp
[2013-03-25 20:23:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-03-25 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Kasia\Desktop\log
[2013-03-25 17:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-03-25 17:25:33 | 000,000,000 | ---D | C] -- C:\rsit
[2013-03-25 17:06:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
[2013-03-25 13:29:40 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.sys
[2013-03-25 13:29:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST
[2013-03-25 13:29:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD03000.01A
[2013-03-25 13:29:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013-03-25 13:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013-03-25 13:29:28 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013-03-25 13:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013-03-25 13:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013-03-25 13:28:49 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.sys
[2013-03-25 13:28:49 | 000,602,712 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.sys
[2013-03-25 13:28:49 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.sys
[2013-03-25 13:28:49 | 000,350,368 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\symtdiv.sys
[2013-03-25 13:28:49 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\symnets.sys
[2013-03-25 13:28:49 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\Ironx86.sys
[2013-03-25 13:28:49 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.sys
[2013-03-25 13:28:49 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\SymELAM.sys
[2013-03-25 13:28:48 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.sys
[2013-03-25 13:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2013-03-25 13:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1403000.024
[2013-03-25 13:28:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013-03-25 13:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013-03-25 13:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013-03-24 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Kasia\Desktop\Nowy folder
[2013-03-22 12:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-03-19 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kasia\Local Settings
[2013-03-16 07:30:42 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013-03-15 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Roaming\Origin
[2013-03-15 15:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013-03-15 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Kasia\AppData\Local\Origin
[2013-03-08 21:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-03-26 12:43:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-26 12:28:03 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-26 11:57:57 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-26 11:57:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-26 11:57:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-26 11:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-26 00:35:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-03-25 20:32:07 | 000,609,993 | ---- | M] () -- C:\Users\Kasia\Desktop\adwcleaner_www.INSTALKI.pl.exe
[2013-03-25 20:31:46 | 000,139,264 | ---- | M] () -- C:\Users\Kasia\Desktop\SystemLook.exe
[2013-03-25 17:35:28 | 000,066,512 | ---- | M] () -- C:\Users\Kasia\Desktop\Screen.jpg
[2013-03-25 17:24:57 | 000,781,383 | ---- | M] () -- C:\Users\Kasia\Desktop\RSIT.exe
[2013-03-25 17:06:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kasia\Desktop\OTL.exe
[2013-03-25 14:09:33 | 000,726,512 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-03-25 14:09:33 | 000,645,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-03-25 14:09:33 | 000,157,616 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-03-25 14:09:33 | 000,123,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-03-25 13:31:42 | 001,941,217 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1403000.024\Cat.DB
[2013-03-25 13:29:28 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013-03-25 13:29:28 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013-03-25 13:29:28 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013-03-25 13:29:16 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013-03-24 13:18:09 | 000,078,848 | ---- | M] () -- C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-23 23:51:12 | 001,536,596 | ---- | M] () -- C:\Users\Kasia\Desktop\Argov Sherry - Dlaczego mezczyzni kochaja zolzy.pdf
[2013-03-22 19:04:20 | 026,504,568 | ---- | M] () -- C:\Users\Kasia\Desktop\Draus, Terlecki - Historia wychowania t.2.pdf
[2013-03-22 12:07:33 | 262,166,955 | ---- | M] () -- C:\Users\Kasia\Desktop\Bartnicka K., Szybiak I. - Zarys historii wychowania.pdf
[2013-03-22 11:59:43 | 023,625,288 | ---- | M] () -- C:\Users\Kasia\Desktop\Stulecie dziecka R.3 Wychowanie.pdf
[2013-03-16 07:30:42 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013-03-15 15:29:50 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Studenckie życie.lnk
[2013-03-13 01:43:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-03-13 01:43:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-03-06 13:44:33 | 315,992,531 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-03-25 21:02:43 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\VT20130115.021
[2013-03-25 20:32:06 | 000,609,993 | ---- | C] () -- C:\Users\Kasia\Desktop\adwcleaner_www.INSTALKI.pl.exe
[2013-03-25 20:31:37 | 000,139,264 | ---- | C] () -- C:\Users\Kasia\Desktop\SystemLook.exe
[2013-03-25 17:35:28 | 000,066,512 | ---- | C] () -- C:\Users\Kasia\Desktop\Screen.jpg
[2013-03-25 17:24:55 | 000,781,383 | ---- | C] () -- C:\Users\Kasia\Desktop\RSIT.exe
[2013-03-25 13:30:12 | 001,941,217 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\Cat.DB
[2013-03-25 13:29:34 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccsetx86.cat
[2013-03-25 13:29:34 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\ccSetx86.inf
[2013-03-25 13:29:34 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD03000.01A\isolate.ini
[2013-03-25 13:29:28 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013-03-25 13:29:28 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013-03-25 13:29:16 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013-03-25 13:28:34 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.inf
[2013-03-25 13:28:34 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.inf
[2013-03-25 13:28:34 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNetV.inf
[2013-03-25 13:28:34 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNet.inf
[2013-03-25 13:28:34 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.inf
[2013-03-25 13:28:34 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.inf
[2013-03-25 13:28:34 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\symELAM.inf
[2013-03-25 13:28:34 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\ccSetx86.inf
[2013-03-25 13:28:34 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\Iron.inf
[2013-03-25 13:28:17 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymVTcer.dat
[2013-03-25 13:28:17 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymELAM.cat
[2013-03-25 13:28:17 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\symnetv.cat
[2013-03-25 13:28:17 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\ccsetx86.cat
[2013-03-25 13:28:17 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymNet.cat
[2013-03-25 13:28:17 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\iron.cat
[2013-03-25 13:28:17 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymEFA.cat
[2013-03-25 13:28:17 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtspx.cat
[2013-03-25 13:28:17 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\SymDS.cat
[2013-03-25 13:28:17 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\srtsp.cat
[2013-03-25 13:28:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1403000.024\isolate.ini
[2013-03-23 23:51:02 | 001,536,596 | ---- | C] () -- C:\Users\Kasia\Desktop\Argov Sherry - Dlaczego mezczyzni kochaja zolzy.pdf
[2013-03-23 15:28:46 | 026,504,568 | ---- | C] () -- C:\Users\Kasia\Desktop\Draus, Terlecki - Historia wychowania t.2.pdf
[2013-03-22 12:00:39 | 262,166,955 | ---- | C] () -- C:\Users\Kasia\Desktop\Bartnicka K., Szybiak I. - Zarys historii wychowania.pdf
[2013-03-22 11:59:06 | 023,625,288 | ---- | C] () -- C:\Users\Kasia\Desktop\Stulecie dziecka R.3 Wychowanie.pdf
[2013-03-15 15:29:50 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Studenckie życie.lnk
[2013-02-20 21:32:58 | 000,009,014 | ---- | C] () -- C:\Users\Kasia\AppData\Local\recently-used.xbel
[2013-01-17 21:41:44 | 000,019,851 | ---- | C] () -- C:\Users\Kasia\AppData\Roaming\UserTile.png
[2012-09-19 16:28:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012-09-19 16:27:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012-07-31 14:32:45 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012-07-13 20:51:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-12-26 01:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011-12-25 20:14:59 | 000,716,813 | ---- | C] () -- C:\Windows\unins000.exe
[2011-12-25 20:07:59 | 000,301,223 | ---- | C] () -- C:\Windows\unins000.dat
[2011-12-25 20:01:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011-12-25 14:41:00 | 000,000,767 | ---- | C] () -- C:\Users\Kasia\EPSON Scan.lnk
[2011-11-27 16:59:05 | 000,036,864 | ---- | C] () -- C:\Windows\StmClean.exe
[2011-11-10 00:17:38 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2011-05-25 16:10:26 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011-03-28 11:45:45 | 000,000,137 | ---- | C] () -- C:\Windows\disney.ini
[2011-03-28 11:45:08 | 000,000,183 | ---- | C] () -- C:\Windows\disneysy.ini
[2010-05-02 01:21:47 | 000,000,680 | ---- | C] () -- C:\Users\Kasia\AppData\Local\d3d9caps.dat
[2010-01-10 16:48:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-11-20 17:37:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-11-20 15:14:27 | 000,078,848 | ---- | C] () -- C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012-07-30 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012-07-30 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\AnvSoft
[2011-07-07 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Ashampoo
[2012-07-30 20:34:18 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\avidemux
[2013-02-26 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\BESTplayer
[2012-05-08 01:09:20 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\BitComet
[2009-11-28 18:24:03 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\DAEMON Tools Lite
[2011-03-28 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Desperate Housewives
[2011-12-25 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Epson
[2012-07-30 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2011-04-27 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Gadu-Gadu 10
[2010-10-18 12:45:01 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\GameHouse
[2012-09-23 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\GOL_byHasbro
[2010-10-30 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\gtk-2.0
[2009-11-20 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\InterVideo
[2012-07-30 22:17:40 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\iOrgsoft
[2012-07-30 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\MAGIX
[2009-11-20 17:01:06 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\OpenFM
[2013-03-15 15:32:25 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Origin
[2013-01-17 21:41:43 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\PeerNetworking
[2010-03-28 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\pl.TribalDDB.WidgetLipton
[2011-11-03 12:12:43 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\ProtectDISC
[2012-03-14 22:57:31 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Samsung
[2011-05-25 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\SoftMaker
[2012-11-11 15:42:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Techland
[2010-02-19 19:10:47 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Template
[2011-08-09 15:54:36 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Thinstall
[2009-11-21 01:37:11 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\WildTangent
[2012-09-19 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Kasia\AppData\Roaming\Windows Live Writer
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

[/log]

Extras:


[log]OTL Extras logfile created on: 2013-03-26 12:45:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kasia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,93 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 57,02% Memory free
6,06 Gb Paging File | 4,84 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 71,43 Gb Free Space | 32,05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: KASIA-PC | User Name: Kasia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDA1B74-96A8-48FD-9F55-B2C68379F693}" = rport=137 | protocol=17 | dir=out | app=system |
"{1287BE74-4396-4EEA-9489-71770657687F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C05CFB4-7A8D-4138-A524-101B7468B4B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E823C07-FBC9-42CB-8651-62C42ECC0FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25892806-4E5A-42A3-A918-790B5CCB1E56}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39799EF2-E9D8-444B-B91E-10587C0326F9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5A6667E8-FAC9-4DF6-B70B-B81D01EF19F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{684441B7-8670-4215-B941-CA08B2D26577}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{709D619E-8FC3-4CF3-BCFB-0DA1B3743227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72D0EE57-8184-4502-9D45-86995A747250}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75BA060B-926B-43EA-AF32-29F9AACF352C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E6E6F29-CE7B-4F06-ACC9-2E2A31222156}" = lport=2869 | protocol=6 | dir=in | app=system |
"{981B076E-6994-458D-8B98-95AAC77D3A05}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3D49045-D837-48D2-959B-F038616A3C71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A66EC303-3AAD-4722-B34B-1C7C686966D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B63B1C7C-F198-44A4-82DA-511B5B2EE0DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B92E9C9C-B184-460A-9F05-E35C4AFF8D67}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD8EA4D3-857E-4EBF-A386-87BD1A53401E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAF48782-34D0-452B-84A5-314861CA71BC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD6947FD-6037-4C77-9D1D-21CB7FFF20BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{E74A0E60-D2BE-465F-82BC-8AB78BDF8C8B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EE44A019-BD92-4CD9-96DD-BB7922B5915D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F71E0B25-0C8C-4B3E-8B75-E1E0ED995E7E}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB55B525-B20D-404E-BF71-BE87D9F0A67D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05632EA6-ACB4-4E3A-9C7A-96CFA4525657}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0FB84AAE-093D-4AF6-A696-EABB6A318F82}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1495130B-98A8-407A-B541-AF8D186CC24C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{17227E8B-846B-41BE-BB6F-8E156DB5304B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C06770D-B512-46B6-BBC9-CD625008BA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8E264F-EF6E-440A-84AF-53019C68C701}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8A51BE-814C-4E1B-A045-6C8DA54E73D4}" = protocol=17 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"{1EE82C6D-3AE2-4E96-8E00-E9FF4C311A7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21B4451E-2201-4D83-ACE2-F97AEA3DD200}" = protocol=6 | dir=in | app=d:\release\orange.exe |
"{269383C0-B49B-4EAD-8D6E-75F8E729F48B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2722B3B7-B21D-44BB-9620-6E96765A4090}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D7DEADD-0E1F-41F9-8C65-0F4173722E10}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35BCEDCC-6616-4822-8CD3-E83947F3A703}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45A6B5A1-8A69-42A7-A1A3-5B5A1CE36001}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5350C43E-BFC9-4E07-AEC2-A4EDC0BBDE06}" = protocol=17 | dir=in | app=c:\users\kasia\downloads\videoconvertersetup.exe |
"{57F04511-C495-4BE3-BB3D-DEFCF7FF4F98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6081A98F-8386-4087-914B-11A08A123126}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{611AA4B5-EFA1-4FE4-9A62-505A336CC01F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{66ABE979-2890-4E17-AA55-A50300441317}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{72A8D00A-B6FC-44D7-A0E7-1C1D7D7D86EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{73176B8E-0AC7-44FF-8ACF-E38B4B05AA1B}" = protocol=6 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"{75769EE7-08AF-47DC-B428-35087A335BF4}" = protocol=17 | dir=in | app=d:\release\orange.exe |
"{7AF251DB-25C6-4067-B8D8-840D45FB5D26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F6BC29-56B6-4AF7-BEB7-DED9E0788991}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{827294F5-8EC3-4559-AB2B-A2C21351D553}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{82DEE76C-09D8-4A2D-83E2-868F6F90FB9E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{87CD9D0A-7E77-4902-AA3B-57F24A1E1A19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{892E7D9C-73D4-4268-B376-FD1FC0972635}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B5B1C63-88DE-4026-BD4E-758AC5C2AF80}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{97A4BE55-F5A0-4E78-9E50-E755D6711340}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9BD6C0C0-FF91-4C21-8C7A-9F7973D43B6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A7B77F70-4B02-4EEA-9435-581FAB53AA13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACA43155-AB54-425A-9F6B-E1CB20C72FB0}" = protocol=6 | dir=in | app=c:\users\kasia\downloads\videoconvertersetup.exe |
"{AE72AD78-B116-4C90-9335-BAB64506430E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B1702411-9FBA-4D6D-942F-D88F3E85F87B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B92D33C2-E32D-4242-B842-3BB20A78BE8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAB20793-53F5-4EB0-B0D6-476962134A9B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BD4E02D1-BF45-4255-B27B-0B3E55079641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDAB6725-F289-4B81-95F1-FF5BF0ACB582}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{BEC6F577-C17F-4587-A97C-D89626EFF3A7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BEE558AE-37AC-4C17-AB40-FCDF51E88606}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C34E56D1-CC52-4E70-92B9-D8D14A100480}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE19EC83-F2F4-45D5-B8AB-6506F135860B}" = protocol=6 | dir=out | app=system |
"{D26077A8-10C4-4B38-A2AA-8EA6262F8EE1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D89BA2B1-6D90-4E7E-917D-C4D38F996BA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E187F43A-5F09-4674-B969-D5A17D3A0AD4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E82F003F-FF8C-46FB-9FBC-EE319647BFCD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E90AFD5B-6728-48FD-AAFB-AC5C1C832CAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9D9C135-300F-4D2D-8494-3D3A5995227A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F19C0434-9F53-421D-9480-0B15DB9A1366}" = protocol=6 | dir=in | app=d:\release\orange.exe |
"{F2A31CA5-EF41-4350-B6D6-191CF4B5CD12}" = protocol=17 | dir=in | app=d:\release\orange.exe |
"TCP Query User{264304F3-20F4-487F-BFF3-7B4A7CC7B31C}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{2D917B6A-24E5-4932-AD53-9A990F1963A8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{3818DEBB-463C-4528-A566-5BE4911205F1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{50800942-BCDA-44E9-815E-5D9CCA843F6F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5D818891-7D0C-4836-B91C-EA5D1F82353E}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{A727C7EF-94E4-427B-B49C-315A35DD4451}C:\users\kasia\programy\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"TCP Query User{EC3214C7-7A38-4A62-A11E-3EE1EEA1C8ED}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=6 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"TCP Query User{F9E0B17B-A19C-41E0-ABA5-A0DC40FD5240}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=6 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"UDP Query User{0424EE81-3CFD-483B-872A-D90386B09D5D}C:\users\kasia\programy\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\users\kasia\programy\bitcomet\bitcomet.exe |
"UDP Query User{451FF5DC-5F65-4E32-A626-97066DF64071}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=17 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
"UDP Query User{49F6FFD0-07E3-4DC7-8F19-014074EEB9EC}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{8534547F-7FFD-446E-A2D2-3677A010E288}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{9D2F751A-D589-446E-ABEF-39DEFC0CBA57}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A3C23D71-6800-4835-B267-416C27FA7C2F}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{C9453275-F7CD-4C00-A4F1-736D300401DF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{FEBD908D-2301-4C2C-9EE8-219F71938E44}C:\program files\iq publishing\dance party\program\danceparty.exe" = protocol=17 | dir=in | app=c:\program files\iq publishing\dance party\program\danceparty.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Cztery pory roku
"{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD824F7-41B7-4D87-9D6D-B58CCA583439}_is1" = Karaoke for Fun - eXtra Hity
"{5CC4A526-F9C8-4911-B214-AC8AA3EE50D1}_is1" = Defrikz - Latino
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Średniowiecze
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{91013A60-09F1-48F1-A749-186FDF498E72}_is1" = Defrikz - Happy Day
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94B4E2D8-A184-415C-BF9E-F699D76466BD}" = Heroes of Might and Magic IV - Złota Edycja
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C3335EFB-008F-44DB-A87A-9EC8EE53D045}" = Windows Live Sync
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB28F26-D11B-426F-A415-AA95001BBF8C}}_is1" = Dance Party
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Pokolenia
"{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 Studenckie życie
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"BitComet" = BitComet 1.32
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"eMachines Screensaver" = eMachines ScreenSaver
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"EPSON SX130 Series Useg" = Przewodnik użytkownika EPSON SX130 Series
"ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
"FormatFactory" = FormatFactory 2.96
"Gadu-Gadu 10" = Gadu-Gadu 10
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 pl)" = Mozilla Firefox 19.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mój Fitness" = Mój Fitness
"NapiProjekt_is1" = NapiProjekt 1.0.6.7
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"OpenAL" = OpenAL
"Origin" = Origin
"Pampers Zloty Sen_is1" = Pampers Zloty Sen
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"VLC media player" = VLC media player 2.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-935725864-1806392070-3744808875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JScreenFix deluxe" = JScreenFix deluxe
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksss.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksdb.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:02:54 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksCal.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-12 14:05:43 | Computer Name = Kasia-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd Orange.exe, wersja 0.0.0.0, sygnatura czasowa
 0x482d6307, moduł powodujący błąd Orange.exe, wersja 0.0.0.0, sygnatura czasowa
 0x482d6307, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000da1d,  identyfikator
 procesu 0xb4c, godzina rozpoczęcia aplikacji 0x01cbf93be1d81191.
 
Error - 2011-04-12 18:33:47 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksss.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\wksdb.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksWP.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error - 2011-04-14 16:09:07 | Computer Name = Kasia-PC | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\Installer\{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}\WksCal.exe".
Nie
 można odnaleźć zestawu zależnego msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0".
Użyj
 narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
[ OSession Events ]
Error - 2011-03-09 02:26:04 | Computer Name = Kasia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1795
 seconds with 840 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-03-19 09:03:27 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2013-03-23 08:02:53 | Computer Name = Kasia-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 12:56:11 na 2013-03-23 było nieoczekiwane.
 
Error - 2013-03-23 08:03:59 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2013-03-23 22:50:01 | Computer Name = Kasia-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2013-03-24 07:38:35 | Computer Name = Kasia-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 12:36:14 na 2013-03-24 było nieoczekiwane.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
Error - 2013-03-25 09:16:30 | Computer Name = Kasia-PC | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0.
 
Error - 2013-03-25 15:23:47 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2013-03-25 15:23:48 | Computer Name = Kasia-PC | Source = Service Control Manager | ID = 7031
Description =
 
 
< End of report >

[/log]

SystemLook produced this:


[log]SystemLook 30.07.11 by jpshortstuff
Log created at 13:03 on 26/03/2013 by Kasia
Administrator - Elevation successful

========== file ==========

C:\Windows\system32\drivers\agpc6czh.sys - Unable to find/read file.

-= EOF =- [/log]

USBFix log with the flash drives connected:


[log]############################## | UsbFix V 7.118 | [Listing]

User: Kasia (Administrator) # KASIA-PC
Updated 24/03/2013 by El Desaparecido
Started at 13:06:38 | 26/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: eMachines  (eMachines E725  ) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz (2000)
RAM -> [Total : 3001 | Free : 1412]
BIOS: InsydeH2O Version V1.03
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Basic  (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.19088

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 223 Gb (71 Mb free - 32%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32

################## | Listing |

[21/01/2010 - 19:07:21 | SHD ]     C:\$Recycle.Bin
[26/02/2013 - 21:52:55 | A | 1781]     C:\11.txt
[20/11/2009 - 15:32:52 | HD ]     C:\ACER
[25/03/2013 - 20:35:29 | A | 5398]     C:\AdwCleaner[S1].txt
[18/09/2006 - 22:43:36 | A | 24]     C:\autoexec.bat
[20/11/2009 - 11:26:09 | AD ]     C:\book
[19/09/2012 - 17:58:58 | SHD ]     C:\Boot
[10/04/2009 - 22:36:38 | RASH | 333257]     C:\bootmgr
[20/03/2009 - 07:32:56 | RAS | 8192]     C:\BOOTSECT.BAK
[18/09/2006 - 22:43:37 | A | 10]     C:\config.sys
[02/11/2006 - 13:59:44 | SHD ]     C:\Documents and Settings
[14/03/2013 - 22:11:42 | D ]     C:\Downloads
[20/03/2009 - 00:20:51 | D ]     C:\Intel
[25/11/2010 - 14:59:09 | A | 78]     C:\lxdn.log
[20/03/2009 - 00:34:12 | RHD ]     C:\MSOCache
[26/03/2013 - 11:57:05 | ASH | 3461591040]     C:\pagefile.sys
[21/01/2008 - 03:43:50 | D ]     C:\PerfLogs
[25/03/2013 - 20:35:22 | RD ]     C:\Program Files
[25/03/2013 - 20:23:55 | HD ]     C:\ProgramData
[20/03/2009 - 00:28:42 | A | 2469]     C:\RHDSetup.log
[25/03/2013 - 17:26:06 | D ]     C:\rsit
[13/07/2012 - 20:57:52 | A | 156]     C:\setup.log
[26/03/2013 - 12:00:57 | SHD ]     C:\System Volume Information
[19/03/2013 - 21:02:25 | D ]     C:\temp
[26/03/2013 - 13:06:40 | D ]     C:\UsbFix
[26/03/2013 - 13:06:40 | A | 2253]     C:\UsbFix [Listing 1 ] KASIA-PC.txt
[20/11/2009 - 11:12:06 | RD ]     C:\Users
[20/11/2009 - 11:24:05 | A | 388448]     C:\vcredist_x86.log
[06/03/2013 - 13:44:33 | D ]     C:\Windows
[25/03/2013 - 20:23:43 | D ]     C:\_OTL
[01/01/1995 - 01:00:00 | R | 44]     D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track08.cda

################## | E.O.F |

[/log]

I think, gentlemen, that the virus has also got onto the computer, because the problem has appeared on my second computer as well. Let me try to explain what I mean: I am writing now from computer 1. That is where the trouble appeared. I connected flash drive "A" to computer 1, and then to computer 2. After removing flash drive "A", I connected flash drive "B" to computer 2; it had never been connected to computer 1 before. The problem started occurring on computer 2 as well, so it looks like the infection has moved onto the computer. What do you think, gentlemen?
 

Zayfi
comment

Can you repeat the USBFix log on the system of the first computer? Because from what you provided, it appears there is nothing on the flash drives. The log ends at drive D

[01/01/1995 - 01:00:00 | R | 44]     D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track08.cda

and the removable drives are free

 

F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32

so you probably formatted them?

Karolas
comment

So I connected both flash drives again, and after using the Listing option in USBFix I got this:

[log]############################## | UsbFix V 7.118 | [Listing]

User: Kasia (Administrator) # KASIA-PC
Updated 24/03/2013 by El Desaparecido
Started at 13:52:56 | 26/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: eMachines  (eMachines E725  ) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz (2000)
RAM -> [Total : 3001 | Free : 1442]
BIOS: InsydeH2O Version V1.03
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Basic  (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.19088

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 223 Gb (71 Mb free - 32%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32

################## | Listing |

[21/01/2010 - 19:07:21 | SHD ]     C:\$Recycle.Bin
[26/02/2013 - 21:52:55 | A | 1781]     C:\11.txt
[20/11/2009 - 15:32:52 | HD ]     C:\ACER
[25/03/2013 - 20:35:29 | A | 5398]     C:\AdwCleaner[S1].txt
[18/09/2006 - 22:43:36 | A | 24]     C:\autoexec.bat
[20/11/2009 - 11:26:09 | AD ]     C:\book
[19/09/2012 - 17:58:58 | SHD ]     C:\Boot
[10/04/2009 - 22:36:38 | RASH | 333257]     C:\bootmgr
[20/03/2009 - 07:32:56 | RAS | 8192]     C:\BOOTSECT.BAK
[18/09/2006 - 22:43:37 | A | 10]     C:\config.sys
[02/11/2006 - 13:59:44 | SHD ]     C:\Documents and Settings
[14/03/2013 - 22:11:42 | D ]     C:\Downloads
[20/03/2009 - 00:20:51 | D ]     C:\Intel
[25/11/2010 - 14:59:09 | A | 78]     C:\lxdn.log
[20/03/2009 - 00:34:12 | RHD ]     C:\MSOCache
[26/03/2013 - 11:57:05 | ASH | 3461591040]     C:\pagefile.sys
[21/01/2008 - 03:43:50 | D ]     C:\PerfLogs
[25/03/2013 - 20:35:22 | RD ]     C:\Program Files
[25/03/2013 - 20:23:55 | HD ]     C:\ProgramData
[20/03/2009 - 00:28:42 | A | 2469]     C:\RHDSetup.log
[25/03/2013 - 17:26:06 | D ]     C:\rsit
[13/07/2012 - 20:57:52 | A | 156]     C:\setup.log
[26/03/2013 - 12:00:57 | SHD ]     C:\System Volume Information
[19/03/2013 - 21:02:25 | D ]     C:\temp
[26/03/2013 - 13:52:58 | D ]     C:\UsbFix
[26/03/2013 - 13:06:40 | A | 2939]     C:\UsbFix [Listing 1 ] KASIA-PC.txt
[26/03/2013 - 13:52:58 | A | 2326]     C:\UsbFix [Listing 2 ] KASIA-PC.txt
[20/11/2009 - 11:12:06 | RD ]     C:\Users
[20/11/2009 - 11:24:05 | A | 388448]     C:\vcredist_x86.log
[06/03/2013 - 13:44:33 | D ]     C:\Windows
[25/03/2013 - 20:23:43 | D ]     C:\_OTL
[01/01/1995 - 01:00:00 | R | 44]     D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track08.cda
[25/03/2013 - 17:33:46 | ASH | 0]     F:\autorun.inf
[25/03/2013 - 17:33:46 | SHD ]     F:\
[25/03/2013 - 17:33:46 | RASH | 4096]     F:\~$WM.FAT
[25/03/2013 - 17:33:46 | RASH | 2788]     F:\desktop.ini
[25/03/2013 - 17:33:46 | RASH | 201610]     F:\Thumbs.db
[25/03/2013 - 17:33:46 | A | 555]     F:\USB DISK (4GB).lnk
[25/03/2013 - 14:06:10 | ASH | 0]     G:\autorun.inf
[25/03/2013 - 14:06:10 | SHD ]     G:\
[25/03/2013 - 14:06:10 | RASH | 4096]     G:\~$WFCBHG.FAT
[25/03/2013 - 14:06:10 | RASH | 3060]     G:\desktop.ini
[26/03/2013 - 13:51:36 | RSH | 226823]     G:\Thumbs.db
[25/03/2013 - 14:06:10 | A | 563]     G:\SŁAWEK (8GB).lnk

################## | E.O.F |

[/log]

As for the formatting: the 4GB flash drive was formatted by my girlfriend, but there is some data on the 8GB flash drive. Did the new log bring anything new?
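The check done by eye on the listings in this thread, as an added example that is not part of the original posts: a Python parser for the UsbFix listing format that reports root-level entries on removable drives matching the symptoms discussed here (autorun.inf, a hidden+system directory with no visible name, a .lnk shortcut). The flagging rules and the executable-extension set are assumptions of this example, not UsbFix's own logic.

```python
import re
from ntpath import splitext  # Windows path rules, works on any OS

# Excerpt of the second UsbFix listing posted above (drive table plus a few entries).
SAMPLE = r"""
C:\ (%systemdrive%) -> Fixed drive # 223 Gb (71 Mb free - 32%) [OS] # NTFS
D:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32
[18/09/2006 - 22:43:36 | A | 24]     C:\autoexec.bat
[21/01/2010 - 19:07:21 | SHD ]     C:\$Recycle.Bin
[25/03/2013 - 17:33:46 | ASH | 0]     F:\autorun.inf
[25/03/2013 - 17:33:46 | SHD ]     F:\
[25/03/2013 - 17:33:46 | RASH | 2788]     F:\desktop.ini
[25/03/2013 - 17:33:46 | A | 555]     F:\USB DISK (4GB).lnk
[25/03/2013 - 14:06:10 | ASH | 0]     G:\autorun.inf
[25/03/2013 - 14:06:10 | SHD ]     G:\
[25/03/2013 - 14:06:10 | A | 563]     G:\SŁAWEK (8GB).lnk
"""

# "F:\ -> Removable drive # ..." lines from the drive table.
DRIVE_RE = re.compile(r"^([A-Z]):\\.*?->\s*(Removable drive|Fixed drive|CD-ROM)")
# "[date - time | ATTRS | size]   path"; directories have no size field.
ENTRY_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) \| ([A-Z]+)\s*(?:\| (\d+))?\]\s+(.+)$"
)
# Assumption of this example: extensions worth a second look in a drive root.
EXEC_EXT = {".exe", ".scr", ".pif", ".vbs", ".bat", ".cmd"}


def parse_listing(text):
    """Return (set of removable drive letters, list of parsed entries)."""
    removable, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            if m.group(2) == "Removable drive":
                removable.add(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if m:
            date, time, attrs, size, path = m.groups()
            entries.append({
                "date": date, "time": time, "attrs": set(attrs),
                "size": int(size) if size else None, "path": path,
            })
    return removable, entries


def review(text):
    """Return [(path, reason)] for root-level entries on removable drives."""
    removable, entries = parse_listing(text)
    findings = []
    for e in entries:
        path = e["path"]
        if path[:1] not in removable or path[1:3] != ":\\":
            continue  # not on a removable drive
        name = path[3:]
        if "\\" in name:
            continue  # only the drive root is reviewed
        ext = splitext(name)[1].lower()
        if name == "" and "D" in e["attrs"] and {"S", "H"} <= e["attrs"]:
            findings.append((path, "hidden+system directory with no visible name"))
        elif name.lower() == "autorun.inf":
            findings.append((path, "autorun.inf in drive root, size %s" % e["size"]))
        elif ext == ".lnk":
            findings.append((path, "shortcut (.lnk) in drive root"))
        elif ext in EXEC_EXT:
            findings.append((path, "executable or script in drive root"))
    return findings


if __name__ == "__main__":
    for path, reason in review(SAMPLE):
        print("%-28s %s" % (path, reason))
```

A listing that ends at the CD-ROM entries, like the first one posted, produces no findings because no line on F: or G: was captured, which matches the observation that the first log showed nothing on the flash drives.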

Zayfi
comment

Run OTL > flash drives connected the whole time

 

In the Custom Scans/Fixes box, paste:

 

:Files
G:\autorun.inf
F:\autorun.inf
G:\*.lnk
attrib /d /s -s -h G:\* /C

:Commands
[reboot]

Click Run Fix.

 

Tell me whether you can now see the sławek directory

Karolas
comment

After running the script, hidden icons appeared on the desktop, among other things, and after opening the "Sławek" flash drive it looked as shown in the attached screenshot. Is that what you meant? I will add that after a moment all the hidden files and folders disappeared again. However, clicking the shortcut to the flash drive, located on that very flash drive, opens a new window in which, besides the correct contents, a new file has appeared: itqpoi.exe.

Zayfi
comment

post a new log from USBfix

Karolas
comment

[log] ############################## | UsbFix V 7.118 | [Listing]

User: Kasia (Administrator) # KASIA-PC
Updated 24/03/2013 by El Desaparecido
Started at 15:15:42 | 26/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: eMachines  (eMachines E725  ) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz (2000)
RAM -> [Total : 3001 | Free : 1734]
BIOS: InsydeH2O Version V1.03
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Basic  (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.19088

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton AntiVirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 223 Gb (71 Mb free - 32%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32

################## | Listing |

[21/01/2010 - 19:07:21 | SHD ]     C:\$Recycle.Bin
[26/02/2013 - 21:52:55 | A | 1781]     C:\11.txt
[20/11/2009 - 15:32:52 | HD ]     C:\ACER
[25/03/2013 - 20:35:29 | A | 5398]     C:\AdwCleaner[S1].txt
[18/09/2006 - 22:43:36 | A | 24]     C:\autoexec.bat
[20/11/2009 - 11:26:09 | AD ]     C:\book
[19/09/2012 - 17:58:58 | SHD ]     C:\Boot
[10/04/2009 - 22:36:38 | RASH | 333257]     C:\bootmgr
[20/03/2009 - 07:32:56 | RAS | 8192]     C:\BOOTSECT.BAK
[18/09/2006 - 22:43:37 | A | 10]     C:\config.sys
[02/11/2006 - 13:59:44 | SHD ]     C:\Documents and Settings
[14/03/2013 - 22:11:42 | D ]     C:\Downloads
[20/03/2009 - 00:20:51 | D ]     C:\Intel
[25/11/2010 - 14:59:09 | A | 78]     C:\lxdn.log
[20/03/2009 - 00:34:12 | RHD ]     C:\MSOCache
[26/03/2013 - 14:42:15 | ASH | 3461591040]     C:\pagefile.sys
[21/01/2008 - 03:43:50 | D ]     C:\PerfLogs
[25/03/2013 - 20:35:22 | RD ]     C:\Program Files
[25/03/2013 - 20:23:55 | HD ]     C:\ProgramData
[20/03/2009 - 00:28:42 | A | 2469]     C:\RHDSetup.log
[25/03/2013 - 17:26:06 | D ]     C:\rsit
[13/07/2012 - 20:57:52 | A | 156]     C:\setup.log
[26/03/2013 - 14:41:29 | SHD ]     C:\System Volume Information
[19/03/2013 - 21:02:25 | D ]     C:\temp
[26/03/2013 - 15:15:44 | D ]     C:\UsbFix
[26/03/2013 - 13:06:40 | A | 2939]     C:\UsbFix [Listing 1 ] KASIA-PC.txt
[26/03/2013 - 13:52:58 | A | 3631]     C:\UsbFix [Listing 2 ] KASIA-PC.txt
[26/03/2013 - 15:15:44 | A | 2399]     C:\UsbFix [Listing 3 ] KASIA-PC.txt
[20/11/2009 - 11:12:06 | RD ]     C:\Users
[20/11/2009 - 11:24:05 | A | 388448]     C:\vcredist_x86.log
[06/03/2013 - 13:44:33 | D ]     C:\Windows
[25/03/2013 - 20:23:43 | D ]     C:\_OTL
[01/01/1995 - 01:00:00 | R | 44]     D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44]     D:\Track08.cda
[25/03/2013 - 17:33:46 | SHD ]     F:\
[26/03/2013 - 14:46:44 | RASH | 3072]     F:\~$WLXRNLMWK.FAT
[26/03/2013 - 14:46:44 | RASH | 3986]     F:\desktop.ini
[26/03/2013 - 14:46:44 | RASH | 226823]     F:\Thumbs.db
[26/03/2013 - 14:46:44 | A | 569]     F:\USB DISK (4GB).lnk
[25/03/2013 - 14:06:10 | SHD ]     G:\
[26/03/2013 - 14:46:44 | RASH | 3072]     G:\~$WERZV.FAT
[26/03/2013 - 14:46:44 | RASH | 3848]     G:\desktop.ini
[26/03/2013 - 14:46:44 | RASH | 226823]     G:\Thumbs.db
[26/03/2013 - 14:46:44 | A | 561]     G:\SŁAWEK (8GB).lnk

################## | E.O.F |

[/log]
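Added example (not from the thread and not part of UsbFix): a Python triage of a UsbFix listing like the one above, reporting root-level entries on removable drives that fit the pattern seen here: a `.lnk` in the root, hidden+system items, and a folder entry with no visible name (the `F:\` and `G:\` lines marked `SHD`). The regular expressions are assumptions fitted to the line formats shown in this log, and `RISKY_EXT` is an assumed watch list.

```python
import re

# Lines copied from the UsbFix listing posted in this thread (shortened).
SAMPLE = r"""
C:\ (%systemdrive%) -> Fixed drive # 223 Gb (71 Mb free - 32%) [OS] # NTFS
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 91%) [SŁAWEK] # FAT32
[10/04/2009 - 22:36:38 | RASH | 333257]     C:\bootmgr
[25/03/2013 - 17:33:46 | SHD ]     F:\
[26/03/2013 - 14:46:44 | RASH | 3072]     F:\~$WLXRNLMWK.FAT
[26/03/2013 - 14:46:44 | A | 569]     F:\USB DISK (4GB).lnk
[25/03/2013 - 14:06:10 | SHD ]     G:\
[26/03/2013 - 14:46:44 | RASH | 3848]     G:\desktop.ini
[26/03/2013 - 14:46:44 | A | 561]     G:\SŁAWEK (8GB).lnk
"""

# Assumption: patterns fitted to the drive-table and entry lines visible above.
DRIVE_RE = re.compile(r"^([A-Z]):\\.*?-> (\w+) drive")
ENTRY_RE = re.compile(r"^\[.+? \| ([A-Z]+)\s*(?:\| \d+)?\]\s+([A-Z]):\\(.*)$")
RISKY_EXT = (".exe", ".scr", ".vbs", ".bat", ".cmd", ".js")  # assumed watch list


def triage(listing):
    """Return (drive, name, reason) for root entries on removable drives."""
    removable, findings = set(), []
    for line in listing.splitlines():
        m = DRIVE_RE.match(line)
        if m:  # drive table line: remember which letters are removable
            if m.group(2) == "Removable":
                removable.add(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        # Skip non-entries, fixed drives, and anything below the drive root.
        if not m or m.group(2) not in removable or "\\" in m.group(3):
            continue
        attrs, drive, name = m.groups()
        low = name.lower()
        checks = [  # first matching rule wins
            ("D" in attrs and not name.strip(), "folder with blank name"),
            (low.endswith(".lnk"), "shortcut in drive root"),
            (low == "autorun.inf", "autorun.inf in drive root"),
            (low.endswith(RISKY_EXT), "executable or script in drive root"),
            ("H" in attrs and "S" in attrs, "hidden+system file in drive root"),
        ]
        reason = next((text for hit, text in checks if hit), None)
        if reason:
            findings.append((drive, name, reason))
    return findings
```

`desktop.ini` and `Thumbs.db` are often legitimately hidden+system, so the last rule marks items to review rather than confirmed malware.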

Zayfi
comment

Run OTL and paste this script:

:Files
F:\~$WLXRNLMWK.FAT
F:\desktop.ini
F:\Thumbs.db
G:\desktop.ini
G:\~$WERZV.FAT
G:\Thumbs.db
F:\*.lnk
F:\*lnk
attrib /d /s -s -h G:\* /C
attrib /d /s -s -h F:\* /C

Click Run Fix.

on that very flash drive, a new window opens in which, besides the correct contents, a new file has appeared: itqpoi.exe.

Where? Somehow I can't see it. Give me the path to the file.

Karolas
comment

Report from running the script:

[log]========== FILES ==========
F:\~$WLXRNLMWK.FAT moved successfully.
F:\desktop.ini moved successfully.
F:\Thumbs.db moved successfully.
G:\desktop.ini moved successfully.
G:\~$WERZV.FAT moved successfully.
G:\Thumbs.db moved successfully.
F:\USB DISK (4GB).lnk moved successfully.
File\Folder F:\*lnk not found.
< attrib /d /s -s -h G:\* /C >
C:\Users\Kasia\Desktop\cmd.bat deleted successfully.
C:\Users\Kasia\Desktop\cmd.txt deleted successfully.
< attrib /d /s -s -h F:\* /C >
C:\Users\Kasia\Desktop\cmd.bat deleted successfully.
C:\Users\Kasia\Desktop\cmd.txt deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03262013_193658

[/log]

I'll try to explain what's going on with this itqpoi.exe file; unfortunately it has all become complicated now. Before running the last script, the itqpoi.exe file was located in My Computer -> Slawek (G:) -> Slawek 8GB (that is, the wretched shortcut created on the flash drive) -> (here were the correct folder "szkolenie" and this itqpoi.exe file)
Now, after running the script, when I go into My Computer -> Slawek (G:), besides the shortcut there is a folder icon with no name (I'm attaching a screenshot [screen1])
After entering that folder I get this: (screen2) After running the last script, this is exactly where the itqpoi.exe file appeared, but it is no longer there, because right after I entered the folder my Norton detected it and removed it (screen3)
When I try to open the "Slawek 8GB" shortcut, I get this message: (screen4)
In addition, this Norton window also popped up: (screen5)
I should also add that on the second flash drive (the one that was formatted at some point), when I open it from My Computer, there is only a folder with no name, like the one in screenshot 1. The flash drive's shortcut has disappeared.

I hope this is understandable, but as I said, it has become rather convoluted :/

Zayfi
comment

Slawek 8GB (that is, the wretched shortcut created on the flash drive) -> (here were the correct folder "szkolenie" and this itqpoi.exe file)

That wasn't in the logs. As for image no. 4, are G:\~$WERZV.FAT and F:\~$WLXRNLMWK.FAT your files?

If so, you'll find them in the OTL quarantine, C:\_OTL, and you can restore them. Where do these shortcuts come from? I don't have shortcuts to folders and files on any of my flash drives.

Delete the itqpoi.exe file from the Norton quarantine.

Karolas
comment

I don't recognize those files, and I didn't see them anywhere in C:\_OTL either. I deleted the itqpoi.exe file from quarantine. I disconnected both flash drives and connected them to the computer again. On one of them the shortcut no longer appears, only that strange folder with no name remains, while on the other flash drive the shortcut is still there. Maybe I should format both flash drives and see whether the strange folder, and on the other one the shortcut, disappear and whether they come back after reconnecting? What should I do now?

Zayfi
comment

We'll do it differently.

Both flash drives must be plugged in.

Start > Run > type cmd

In the console window, paste the command:

DIR /S G:\ >C:\LOG1.TXT

Press Enter.

Then the second command:

DIR /S F:\ >C:\LOG2.TXT

Two logs will be created on drive C (LOG1.txt and LOG2.txt); attach them to your post.

Karolas
comment

After pasting each of the commands, the message "odmowa dostepu" (access denied) appeared in the console window, and no logs were created on drive C, or at least I don't see any :/

Zayfi
comment

Then another way: Start > All Programs > Accessories > Command Prompt

Right-click Command Prompt > Run as administrator, and then run the commands.

Karolas
comment

Yes, this time it worked, so I'm attaching the resulting logs:

LOG1

[log] Wolumin w stacji G to SťAWEK
 Numer seryjny woluminu: 31A1-879B

 Katalog: G:\

2013-03-25  14:06    <DIR>          ˙
2013-03-26  14:46               561 SťAWEK (8GB).lnk
               1 plik(˘w)                561 bajt˘w

 Katalog: G:\˙

2013-03-25  14:06    <DIR>          .
2013-03-25  14:06    <DIR>          ..
2012-09-25  17:58    <DIR>          E163_szkolenie
2013-03-26  14:46               126 desktop.ini
               1 plik(˘w)                126 bajt˘w

 Katalog: G:\˙\E163_szkolenie

2012-09-25  17:58    <DIR>          .
2012-09-25  17:58    <DIR>          ..
2004-10-07  20:41           474˙357 163 - 1 TRAK¬Ní OBVOD.jpg
2004-10-04  22:57           339˙499 163 - 2 POMOCN POHONY.jpg
2012-09-11  18:30        28˙959˙744 Kabina+uruch.pps
2006-04-17  12:43            40˙860 leva strana elektroniky.pdf
2012-09-11  18:32         7˙434˙240 MASZYNOWY korytarz.pps
2012-09-11  18:34        20˙052˙992 MECHANICZNA.pps
2012-09-14  10:36         6˙199˙296 polonizacja 163.pps
2006-06-18  11:29           452˙608 Popis 163 PL.doc
2012-07-19  22:37         6˙170˙655 skoda 163 kabina.pdf
2012-02-17  17:56           602˙362 skoda_163_pl.pdf
2006-04-17  12:39           243˙464 STAN, strojovna, elektronika.pdf
2007-10-09  13:22            40˙960 URUCHOMIENIE LOKOMOTYWY.doc
2007-09-11  10:38        10˙860˙544 Urzadzenie WS,nastawniki.pps
2012-09-25  17:59    <DIR>          Kusovnˇk 163 polsky
2012-09-25  17:59    <DIR>          Instrukcja
2012-09-25  17:42    <DIR>          Ryn 2012
              13 plik(˘w)         81˙871˙581 bajt˘w

 Katalog: G:\˙\E163_szkolenie\Kusovnˇk 163 polsky

2012-09-25  17:59    <DIR>          .
2012-09-25  17:59    <DIR>          ..
2007-09-12  12:41           163˙328 Seznam pýˇstroj…1.xls
2007-09-12  12:41           142˙336 Seznam pýˇstroj…2.xls
               2 plik(˘w)            305˙664 bajt˘w

 Katalog: G:\˙\E163_szkolenie\Instrukcja

2012-09-25  17:59    <DIR>          .
2012-09-25  17:59    <DIR>          ..
2012-02-17  17:59         7˙730˙825 ilustrowana_instrukcja_e163_cz1.pdf
2012-02-17  17:59         8˙698˙768 ilustrowana_instrukcja_e163_cz2.pdf
2012-02-17  18:00         7˙862˙820 ilustrowana_instrukcja_e163_cz3.pdf
2012-02-17  18:00         8˙896˙901 ilustrowana_instrukcja_e163_cz4.pdf
2012-02-17  18:00         1˙721˙344 slownik_polsko_-_czeski.doc
               5 plik(˘w)         34˙910˙658 bajt˘w

 Katalog: G:\˙\E163_szkolenie\Ryn 2012

2012-09-25  17:42    <DIR>          .
2012-09-25  17:42    <DIR>          ..
2010-05-21  17:50        60˙116˙810 CLIP0131.MP4
2010-05-21  18:43        46˙015˙858 CLIP0132.MP4
2010-05-21  18:45        13˙675˙337 CLIP0133.MP4
2010-05-21  18:47        14˙832˙634 CLIP0134.MP4
2010-05-21  19:01        34˙066˙335 CLIP0135.MP4
2010-05-21  19:01        10˙797˙140 CLIP0136.MP4
2010-05-21  19:08        59˙170˙962 CLIP0144.MP4
2010-05-21  19:13        65˙178˙422 CLIP0145.MP4
2010-05-21  19:14        32˙880˙491 CLIP0146.MP4
2010-05-21  19:15        15˙321˙541 CLIP0147.MP4
2010-05-21  19:15        19˙244˙066 CLIP0148.MP4
2010-05-21  19:19        39˙912˙909 CLIP0149.MP4
2010-05-21  19:22        45˙126˙592 CLIP0150.MP4
2010-05-21  19:23        14˙344˙973 CLIP0151.MP4
2010-05-22  00:19        68˙554˙414 CLIP0152.MP4
2010-05-21  19:02         1˙290˙247 PICT0143.JPG
2010-05-21  19:01         1˙274˙594 PICT0137.JPG
2010-05-21  19:01         1˙287˙960 PICT0138.JPG
2010-05-21  19:01         1˙276˙598 PICT0139.JPG
2010-05-21  19:01         1˙281˙360 PICT0140.JPG
2010-05-21  19:02         1˙283˙028 PICT0141.JPG
2010-05-21  19:02         1˙280˙270 PICT0142.JPG
              22 plik(˘w)        548˙212˙541 bajt˘w

     Razem wymienionych plik˘w:
              44 plik(˘w)        665˙301˙131 bajt˘w
              15 katalog(˘w)   7˙057˙129˙472 bajt˘w wolnych

[/log]

LOG2:

[log] Wolumin w stacji F to USB DISK
 Numer seryjny woluminu: DCF6-2FE5

 Katalog: F:\

2013-03-25  17:33    <DIR>          ˙
               0 plik(˘w)                  0 bajt˘w

 Katalog: F:\˙

2013-03-25  17:33    <DIR>          .
2013-03-25  17:33    <DIR>          ..
2013-03-26  14:46               126 desktop.ini
               1 plik(˘w)                126 bajt˘w

     Razem wymienionych plik˘w:
               1 plik(˘w)                126 bajt˘w
               3 katalog(˘w)   4˙001˙382˙400 bajt˘w wolnych

[/log]
 

Zayfi
comment

Log 1 shows all the files on flash drive G.

Delete the shortcut to the Sławek directory.

Karolas
comment

I deleted that shortcut. It looks like everything is back to normal. No unwanted shortcuts appear on the flash drives anymore. Should I carry out any final steps on the computer, or is that everything?

Zayfi
comment

Should I carry out any final steps on the computer, or is that everything?

1. Run OTL and click CleanUp.

2. Run USBfix and click Uninstall.

3. Clear the System Restore folders.

Control Panel > System and Maintenance > System > System Protection

Administrator rights are required and you must confirm the UAC dialog. A list of drives will appear. Untick the boxes for the drives covered by System Restore and confirm the dialog that turns System Restore off. After a moment, tick the previously unticked drives again to turn protection back on.

Karolas
comment

OK, I've carried out all the instructions. Thank you very much for your help in solving the problem!

Closing.

Tomek01

This topic has been closed. No replies can be added.