Replies posted by Walkerowy

  1. Hello, after installing Win7 x64 I ran into long waits for a response when launching programs. The wait is long enough that I decided to write about it on the forum. While looking for the cause I found errors in the event log, which I am attaching to this post. My repair attempts came down to downloading something from the Microsoft site, and that something is WMITools. Please help me and optimize the computer.

    Event Viewer:

    http://www.speedyshare.com/files/29620432/logs.zip

     

    OTL.txt:

     

     

    OTL logfile created on: 2011-07-28 21:32:26 - Run 1

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\eMeM\Desktop\Pobieranie

    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

     

    1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,89% Memory free

    3,98 Gb Paging File | 2,69 Gb Available in Paging File | 67,53% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 80,00 Gb Total Space | 62,83 Gb Free Space | 78,54% Space Free | Partition Type: NTFS

    Drive D: | 152,79 Gb Total Space | 150,20 Gb Free Space | 98,31% Space Free | Partition Type: NTFS

     

    Computer Name: EMEM | User Name: eMeM | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2011-07-28 21:25:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe

    PRC - [2011-07-08 09:50:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe

    PRC - [2010-12-20 04:27:04 | 000,048,618 | ---- | M] (The Pidgin developer community) -- D:\Programy\Pidgin\pidgin.exe

     

     

    ========== Modules (SafeList) ==========

     

    MOD - [2011-07-28 21:25:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\eMeM\Desktop\Pobieranie\OTL.exe

    MOD - [2011-06-30 09:37:26 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll

    MOD - [2010-11-21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

    SRV:64bit: - [2007-02-06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

    SRV - [2011-06-30 09:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- D:\Programy\Comodo Antivirus\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV:64bit: - [2011-06-30 09:38:08 | 000,016,016 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

    DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

    DRV:64bit: - [2009-09-23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

    DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

    DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel®

    DRV:64bit: - [2009-06-10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Sterownik połączenia sieciowego Intel®

    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009-04-29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

    DRV:64bit: - [2009-04-20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)

    DRV:64bit: - [2008-04-24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

    DRV:64bit: - [2008-03-28 02:06:00 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

     

     

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

     

     

    IE - HKU\S-1-5-21-1658905300-985269091-2225506878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

     

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programy\Nowy folder\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-07-24 17:11:08 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins

     

    [2011-07-24 17:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Extensions

    [2011-07-24 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMeM\AppData\Roaming\mozilla\Firefox\Profiles\yrlniout.default\extensions

    [2011-02-21 12:02:34 | 000,006,358 | ---- | M] () -- C:\Users\eMeM\AppData\Roaming\Mozilla\Firefox\Profiles\yrlniout.default\searchplugins\filmwebpl---filmy.xml

    [2011-02-21 17:12:39 | 000,001,070 | ---- | M] () -- C:\Users\eMeM\AppData\Roaming\Mozilla\Firefox\Profiles\yrlniout.default\searchplugins\pwn---sownik-ortograficzny.xml

    File not found (No name found) --

    () (No name found) -- C:\USERS\EMEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YRLNIOUT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

    [2011-07-25 13:11:44 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

     

    O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Nowy folder\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programy\Comodo Antivirus\COMODO\COMODO Internet Security\cfp.exe (COMODO)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

    O13 - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2011-07-28 20:43:39 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools

    [2011-07-28 20:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WMI Tools

    [2011-07-28 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Runscanner.net

    [2011-07-25 16:12:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

    [2011-07-25 16:12:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

    [2011-07-25 16:12:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

    [2011-07-25 16:12:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

    [2011-07-25 16:12:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

    [2011-07-25 16:12:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

    [2011-07-25 16:12:37 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

    [2011-07-25 16:12:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

    [2011-07-25 16:12:30 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

    [2011-07-25 15:27:36 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\hpqLog

    [2011-07-25 15:22:44 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys

    [2011-07-25 15:22:43 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll

    [2011-07-25 15:22:42 | 000,011,264 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\CPQBttn64.sys

    [2011-07-25 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard

    [2011-07-25 15:21:35 | 000,000,000 | ---D | C] -- C:\swsetup

    [2011-07-25 13:13:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun

    [2011-07-25 13:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

    [2011-07-25 13:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

    [2011-07-25 13:11:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

    [2011-07-25 13:11:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

    [2011-07-25 13:11:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

    [2011-07-25 13:11:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

    [2011-07-25 12:14:33 | 000,000,000 | ---D | C] -- C:\Windows\pss

    [2011-07-25 10:49:50 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Downloads

    [2011-07-24 23:31:09 | 000,000,000 | -H-D | C] -- C:\VritualRoot

    [2011-07-24 23:02:58 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0

    [2011-07-24 21:08:00 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\.purple

    [2011-07-24 19:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

    [2011-07-24 19:08:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

    [2011-07-24 19:08:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

    [2011-07-24 19:05:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    [2011-07-24 19:05:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll

    [2011-07-24 19:05:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

    [2011-07-24 19:05:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2011-07-24 19:05:01 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

    [2011-07-24 19:05:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

    [2011-07-24 19:05:01 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

    [2011-07-24 19:05:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

    [2011-07-24 19:05:01 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

    [2011-07-24 19:05:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

    [2011-07-24 19:05:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

    [2011-07-24 19:05:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

    [2011-07-24 19:05:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

    [2011-07-24 19:05:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

    [2011-07-24 19:05:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll

    [2011-07-24 19:05:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll

    [2011-07-24 19:05:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2011-07-24 19:05:00 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

    [2011-07-24 19:04:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2011-07-24 19:04:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

    [2011-07-24 19:04:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2011-07-24 19:04:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

    [2011-07-24 19:04:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

    [2011-07-24 19:04:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

    [2011-07-24 19:04:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

    [2011-07-24 19:04:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

    [2011-07-24 19:04:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

    [2011-07-24 19:04:58 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

    [2011-07-24 19:04:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

    [2011-07-24 19:04:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

    [2011-07-24 19:04:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2011-07-24 19:04:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2011-07-24 19:04:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

    [2011-07-24 19:04:57 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2011-07-24 19:04:57 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2011-07-24 19:04:57 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

    [2011-07-24 19:04:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2011-07-24 19:04:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

    [2011-07-24 19:04:57 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

    [2011-07-24 19:04:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

    [2011-07-24 19:04:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2011-07-24 19:04:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

    [2011-07-24 19:04:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

    [2011-07-24 19:04:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

    [2011-07-24 19:04:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

    [2011-07-24 19:04:57 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

    [2011-07-24 19:04:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

    [2011-07-24 19:04:57 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

    [2011-07-24 19:04:57 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

    [2011-07-24 19:04:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

    [2011-07-24 19:04:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

    [2011-07-24 19:04:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

    [2011-07-24 19:04:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

    [2011-07-24 19:04:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

    [2011-07-24 19:04:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

    [2011-07-24 19:04:57 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

    [2011-07-24 19:04:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

    [2011-07-24 19:04:57 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll

    [2011-07-24 19:04:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

    [2011-07-24 19:04:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

    [2011-07-24 19:04:56 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

    [2011-07-24 19:04:56 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2011-07-24 19:04:56 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

    [2011-07-24 19:04:56 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

    [2011-07-24 19:04:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

    [2011-07-24 19:04:56 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

    [2011-07-24 19:04:56 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

    [2011-07-24 19:04:56 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

    [2011-07-24 19:04:56 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2011-07-24 19:04:56 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

    [2011-07-24 19:04:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

    [2011-07-24 19:04:56 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

    [2011-07-24 19:04:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2011-07-24 19:04:56 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

    [2011-07-24 19:04:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

    [2011-07-24 19:04:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

    [2011-07-24 19:04:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

    [2011-07-24 19:04:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

    [2011-07-24 18:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices

    [2011-07-24 18:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

    [2011-07-24 17:51:03 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

    [2011-07-24 17:51:03 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

    [2011-07-24 17:51:03 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

    [2011-07-24 17:51:02 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

    [2011-07-24 17:51:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

    [2011-07-24 17:51:01 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

    [2011-07-24 17:51:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

    [2011-07-24 17:51:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

    [2011-07-24 17:51:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

    [2011-07-24 17:51:01 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

    [2011-07-24 17:51:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

    [2011-07-24 17:51:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll

    [2011-07-24 17:51:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

    [2011-07-24 17:50:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

    [2011-07-24 17:50:54 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

    [2011-07-24 17:50:54 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll

    [2011-07-24 17:50:54 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

    [2011-07-24 17:50:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll

    [2011-07-24 17:50:19 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

    [2011-07-24 17:50:19 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

    [2011-07-24 17:50:12 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

    [2011-07-24 17:50:12 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

    [2011-07-24 17:50:05 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

    [2011-07-24 17:50:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

    [2011-07-24 17:49:59 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

    [2011-07-24 17:49:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

    [2011-07-24 17:49:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll

    [2011-07-24 17:49:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

    [2011-07-24 17:49:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

    [2011-07-24 17:47:58 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

    [2011-07-24 17:47:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

    [2011-07-24 17:47:58 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

    [2011-07-24 17:47:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

    [2011-07-24 17:47:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

    [2011-07-24 17:47:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

    [2011-07-24 17:47:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

    [2011-07-24 17:47:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

    [2011-07-24 17:47:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

    [2011-07-24 17:47:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

    [2011-07-24 17:47:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

    [2011-07-24 17:47:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

    [2011-07-24 17:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

    [2011-07-24 17:20:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

    [2011-07-24 17:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

    [2011-07-24 17:18:21 | 000,000,000 | ---D | C] -- C:\Users\eMeM\Desktop\Pobieranie

    [2011-07-24 17:13:23 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

    [2011-07-24 17:13:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

    [2011-07-24 17:13:21 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

    [2011-07-24 17:13:21 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

    [2011-07-24 17:13:21 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

    [2011-07-24 17:13:20 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll

    [2011-07-24 17:13:20 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

    [2011-07-24 17:13:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

    [2011-07-24 17:13:20 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

    [2011-07-24 17:13:20 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

    [2011-07-24 17:13:14 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

    [2011-07-24 17:13:14 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

    [2011-07-24 17:13:13 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

    [2011-07-24 17:12:46 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

    [2011-07-24 17:12:46 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

    [2011-07-24 17:12:45 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

    [2011-07-24 17:12:45 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

    [2011-07-24 17:12:45 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

    [2011-07-24 17:12:45 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

    [2011-07-24 17:12:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

    [2011-07-24 17:12:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

    [2011-07-24 17:12:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

    [2011-07-24 17:12:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

    [2011-07-24 17:12:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

    [2011-07-24 17:12:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

    [2011-07-24 17:12:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

    [2011-07-24 17:11:45 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

    [2011-07-24 17:11:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

    [2011-07-24 17:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

    [2011-07-24 17:11:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

    [2011-07-24 17:11:30 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

    [2011-07-24 17:11:30 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

    [2011-07-24 17:11:30 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

    [2011-07-24 17:11:30 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

    [2011-07-24 17:11:30 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

    [2011-07-24 17:11:30 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

    [2011-07-24 17:11:30 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

    [2011-07-24 17:11:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

    [2011-07-24 17:11:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

    [2011-07-24 17:11:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

    [2011-07-24 17:11:14 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Mozilla

    [2011-07-24 17:11:14 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\Mozilla

    [2011-07-23 21:37:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther

    [2011-07-23 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Macromedia

    [2011-07-23 21:19:07 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Adobe

    [2011-07-23 21:19:01 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2011-07-23 21:19:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

    [2011-07-23 20:49:06 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe

    [2011-07-23 20:49:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64

    [2011-07-23 20:47:29 | 000,000,000 | R--D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    [2011-07-23 20:47:29 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Searches

    [2011-07-23 20:47:29 | 000,000,000 | R--D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    [2011-07-23 20:47:19 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Identities

    [2011-07-23 20:47:16 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Contacts

    [2011-07-23 20:47:14 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\VirtualStore

    [2011-07-23 20:47:02 | 000,000,000 | --SD | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Videos

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Saved Games

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Pictures

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Music

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Links

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Favorites

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Documents

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\Desktop

    [2011-07-23 20:47:02 | 000,000,000 | R--D | C] -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Ustawienia lokalne

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\AppData\Local\Temporary Internet Files

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Szablony

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\SendTo

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Recent

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\PrintHood

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\NetHood

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Documents\Moje wideo

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Documents\Moje obrazy

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Moje dokumenty

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Documents\Moja muzyka

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Menu Start

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\AppData\Local\Historia

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Dane aplikacji

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\AppData\Local\Dane aplikacji

    [2011-07-23 20:47:02 | 000,000,000 | -HSD | C] -- C:\Users\eMeM\Cookies

    [2011-07-23 20:47:02 | 000,000,000 | -H-D | C] -- C:\Users\eMeM\AppData

    [2011-07-23 20:47:02 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\Temp

    [2011-07-23 20:47:02 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Local\Microsoft

    [2011-07-23 20:47:02 | 000,000,000 | ---D | C] -- C:\Users\eMeM\AppData\Roaming\Media Center Programs

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\Recovery

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty

    [2011-07-23 20:46:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji

    [2011-07-23 20:41:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

    [2011-07-23 20:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

    [2011-07-23 20:38:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    [2011-06-30 09:38:08 | 000,016,016 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

    [2011-06-30 09:37:26 | 000,363,560 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll

    [2011-06-30 09:37:26 | 000,285,256 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll

     

    ========== Files - Modified Within 30 Days ==========

     

    [2011-07-28 21:37:07 | 001,048,576 | -HS- | M] () -- C:\Users\eMeM\NTUSER.DAT

    [2011-07-28 21:36:05 | 001,450,256 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

    [2011-07-28 21:32:30 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2011-07-28 21:32:30 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2011-07-28 21:29:09 | 002,584,758 | ---- | M] () -- C:\Users\eMeM\Desktop\raport.html

    [2011-07-28 21:24:05 | 000,392,945 | ---- | M] () -- C:\Users\eMeM\Desktop\logs.zip

    [2011-07-28 21:06:46 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2011-07-28 21:06:46 | 000,697,912 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

    [2011-07-28 21:06:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2011-07-28 21:06:46 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

    [2011-07-28 21:06:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2011-07-28 20:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2011-07-28 19:56:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

    [2011-07-28 19:56:05 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

    [2011-07-26 19:09:53 | 001,340,394 | -H-- | M] () -- C:\Users\eMeM\AppData\Local\IconCache.db

    [2011-07-25 13:11:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

    [2011-07-25 13:11:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

    [2011-07-25 13:11:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

    [2011-07-25 13:11:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

    [2011-07-25 11:47:23 | 000,001,043 | ---- | M] () -- C:\Users\eMeM\Desktop\dota.lnk

    [2011-07-25 11:34:36 | 000,000,000 | -H-- | M] () -- C:\Users\eMeM\Documents\Default.rdp

    [2011-07-24 20:00:59 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2011-07-24 19:11:15 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2011-07-24 19:05:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    [2011-07-24 19:05:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll

    [2011-07-24 19:05:01 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

    [2011-07-24 19:05:01 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2011-07-24 19:05:01 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

    [2011-07-24 19:05:01 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

    [2011-07-24 19:05:01 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

    [2011-07-24 19:05:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

    [2011-07-24 19:05:01 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

    [2011-07-24 19:05:01 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

    [2011-07-24 19:05:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

    [2011-07-24 19:05:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

    [2011-07-24 19:05:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

    [2011-07-24 19:05:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

    [2011-07-24 19:05:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll

    [2011-07-24 19:05:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll

    [2011-07-24 19:05:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2011-07-24 19:05:00 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

    [2011-07-24 19:04:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2011-07-24 19:04:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

    [2011-07-24 19:04:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2011-07-24 19:04:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

    [2011-07-24 19:04:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

    [2011-07-24 19:04:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

    [2011-07-24 19:04:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

    [2011-07-24 19:04:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

    [2011-07-24 19:04:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

    [2011-07-24 19:04:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

    [2011-07-24 19:04:58 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

    [2011-07-24 19:04:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

    [2011-07-24 19:04:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

    [2011-07-24 19:04:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2011-07-24 19:04:58 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2011-07-24 19:04:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

    [2011-07-24 19:04:57 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2011-07-24 19:04:57 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2011-07-24 19:04:57 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

    [2011-07-24 19:04:57 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2011-07-24 19:04:57 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

    [2011-07-24 19:04:57 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

    [2011-07-24 19:04:57 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

    [2011-07-24 19:04:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2011-07-24 19:04:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

    [2011-07-24 19:04:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

    [2011-07-24 19:04:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

    [2011-07-24 19:04:57 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

    [2011-07-24 19:04:57 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

    [2011-07-24 19:04:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

    [2011-07-24 19:04:57 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

    [2011-07-24 19:04:57 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

    [2011-07-24 19:04:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

    [2011-07-24 19:04:57 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

    [2011-07-24 19:04:57 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

    [2011-07-24 19:04:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

    [2011-07-24 19:04:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

    [2011-07-24 19:04:57 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

    [2011-07-24 19:04:57 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

    [2011-07-24 19:04:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

    [2011-07-24 19:04:57 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll

    [2011-07-24 19:04:57 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

    [2011-07-24 19:04:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

    [2011-07-24 19:04:56 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

    [2011-07-24 19:04:56 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2011-07-24 19:04:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

    [2011-07-24 19:04:56 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

    [2011-07-24 19:04:56 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

    [2011-07-24 19:04:56 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

    [2011-07-24 19:04:56 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

    [2011-07-24 19:04:56 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

    [2011-07-24 19:04:56 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2011-07-24 19:04:56 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

    [2011-07-24 19:04:56 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

    [2011-07-24 19:04:56 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

    [2011-07-24 19:04:56 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2011-07-24 19:04:56 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

    [2011-07-24 19:04:56 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

    [2011-07-24 19:04:56 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

    [2011-07-24 19:04:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

    [2011-07-24 19:04:56 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

    [2011-07-24 19:04:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

    [2011-07-24 18:01:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf

    [2011-07-24 17:36:57 | 000,007,605 | ---- | M] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

    [2011-07-24 17:11:10 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2011-07-23 21:16:03 | 000,057,560 | ---- | M] () -- C:\Users\eMeM\AppData\Local\GDIPFONTCACHEV1.DAT

    [2011-07-23 20:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

    [2011-07-23 20:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

    [2011-07-23 20:49:52 | 000,065,536 | -HS- | M] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

    [2011-07-23 20:47:02 | 000,000,020 | -HS- | M] () -- C:\Users\eMeM\ntuser.ini

    [2011-07-23 20:43:14 | 000,185,589 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

    [2011-07-23 20:43:14 | 000,185,589 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    [2011-06-30 09:38:08 | 000,016,016 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

    [2011-06-30 09:37:26 | 000,363,560 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

    [2011-06-30 09:37:26 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll

     

    ========== Files Created - No Company Name ==========

     

    [2011-07-28 21:29:45 | 002,584,758 | ---- | C] () -- C:\Users\eMeM\Desktop\raport.html

    [2011-07-28 21:24:05 | 000,392,945 | ---- | C] () -- C:\Users\eMeM\Desktop\logs.zip

    [2011-07-25 11:46:46 | 000,001,043 | ---- | C] () -- C:\Users\eMeM\Desktop\dota.lnk

    [2011-07-25 11:34:36 | 000,000,000 | -H-- | C] () -- C:\Users\eMeM\Documents\Default.rdp

    [2011-07-24 19:04:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

    [2011-07-24 19:04:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

    [2011-07-24 18:01:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf

    [2011-07-24 17:36:50 | 000,007,605 | ---- | C] () -- C:\Users\eMeM\AppData\Local\Resmon.ResmonCfg

    [2011-07-24 17:22:01 | 001,439,265 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat

    [2011-07-24 17:11:09 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2011-07-23 21:16:03 | 000,057,560 | ---- | C] () -- C:\Users\eMeM\AppData\Local\GDIPFONTCACHEV1.DAT

    [2011-07-23 20:49:47 | 001,340,394 | -H-- | C] () -- C:\Users\eMeM\AppData\Local\IconCache.db

    [2011-07-23 20:47:36 | 000,001,417 | ---- | C] () -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

    [2011-07-23 20:47:31 | 000,001,451 | ---- | C] () -- C:\Users\eMeM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

    [2011-07-23 20:47:02 | 001,048,576 | -HS- | C] () -- C:\Users\eMeM\NTUSER.DAT

    [2011-07-23 20:47:02 | 000,524,288 | -HS- | C] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

    [2011-07-23 20:47:02 | 000,524,288 | -HS- | C] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

    [2011-07-23 20:47:02 | 000,065,536 | -HS- | C] () -- C:\Users\eMeM\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

    [2011-07-23 20:47:02 | 000,000,020 | -HS- | C] () -- C:\Users\eMeM\ntuser.ini

    [2011-07-23 20:42:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

    [2011-07-23 20:42:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

    [2011-07-23 20:38:33 | 1603,772,416 | -HS- | C] () -- C:\hiberfil.sys

    [2009-09-23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

    [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

    [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

    [2009-07-14 04:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini

    [2009-07-14 04:34:57 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini

    [2009-07-14 04:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini

    [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

    [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

    [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

     

    ========== LOP Check ==========

     

    [2011-07-28 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\.purple

    [2011-07-25 10:48:11 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\gtk-2.0

    [2011-07-28 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\eMeM\AppData\Roaming\Runscanner.net

    [2009-07-14 07:08:49 | 000,007,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

     

    ========== Purity Check ==========

     

     

     

    < End of report >

     

     

     

    Extras.txt:

     

    OTL Extras logfile created on: 2011-07-28 21:32:26 - Run 1

    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\eMeM\Desktop\Pobieranie

    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

     

    1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,89% Memory free

    3,98 Gb Paging File | 2,69 Gb Available in Paging File | 67,53% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 80,00 Gb Total Space | 62,83 Gb Free Space | 78,54% Space Free | Partition Type: NTFS

    Drive D: | 152,79 Gb Total Space | 150,20 Gb Free Space | 98,31% Space Free | Partition Type: NTFS

     

    Computer Name: EMEM | User Name: eMeM | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

     

    [HKEY_USERS\S-1-5-21-1658905300-985269091-2225506878-1000\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

     

    ========== Shell Spawning ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %* File not found

    cmdfile [open] -- "%1" %* File not found

    comfile [open] -- "%1" %* File not found

    exefile [open] -- "%1" %* File not found

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %* File not found

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1" File not found

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

    scrfile [open] -- "%1" /S File not found

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    ========== Security Center Settings ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     

    ========== Firewall Settings ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

     

    ========== Authorized Applications List ==========

     

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

    "CCleaner" = CCleaner

    "Defraggler" = Defraggler

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools

    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Mozilla Firefox 5.0.1 (x86 pl)" = Mozilla Firefox 5.0.1 (x86 pl)

    "Pidgin" = Pidgin

     

    ========== Last 10 Event Log Errors ==========

     

    [ Application Events ]

    Error - 2011-07-25 04:41:44 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-25 06:07:22 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-25 09:34:09 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-25 09:55:47 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-25 10:21:12 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-25 14:35:08 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-26 02:04:04 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-26 12:58:55 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-28 13:57:58 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    Error - 2011-07-28 14:43:46 | Computer Name = eMeM | Source = WinMgmt | ID = 10

    Description =

     

    [ System Events ]

    Error - 2011-07-23 14:58:25 | Computer Name = eMeM-Komputer | Source = Service Control Manager | ID = 7011

    Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji

    z usługi eventlog.

     

    Error - 2011-07-23 15:01:16 | Computer Name = eMeM-Komputer | Source = Service Control Manager | ID = 7022

    Description = Usługa Windows Update zawiesiła się podczas uruchamiania.

     

    Error - 2011-07-24 11:22:00 | Computer Name = eMeM-Komputer | Source = Service Control Manager | ID = 7030

    Description = Usługa COMODO Internet Security Helper Service jest oznaczona jako

    usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na

    usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

     

    Error - 2011-07-24 13:12:38 | Computer Name = eMeM-Komputer | Source = Service Control Manager | ID = 7023

    Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił

    następujący błąd: %%16405

     

    Error - 2011-07-24 13:15:06 | Computer Name = eMeM-Komputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

    Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

    następującej aktualizacji, ponieważ wystąpił błąd 0x80242016: Aktualizacja zabezpieczeń

    programu Internet Explorer 8 w systemie Windows 7 dla systemów opartych na procesorach

    x64 (KB2544521).

     

    Error - 2011-07-24 13:33:43 | Computer Name = eMeM-Komputer | Source = DCOM | ID = 10010

    Description =

     

    Error - 2011-07-24 16:08:33 | Computer Name = eMeM-Komputer | Source = DCOM | ID = 10010

    Description =

     

     

    < End of report >

     

     

    AutoRuns:

    http://wklej.org/id/568914/

  2. You really must be very experienced and advanced if you use only a firewall combined with ESET O-S and CCleaner... I have to say... you've secured yourself effectively :)
    Honestly, I wouldn't fully trust just that, really a single layer of protection... well, okay, two.

     

    I'm not an IT specialist; like most people, I just use computers. As proof that such protection can be trusted, you have this whole topic. I decided to have qualified people like you or Picasso check whether everything is fine with my netbook, and apart from updating Java everything is in order.

     

    You didn't mention what I'm at risk of by not having an antivirus. I download very few files, and for the most part they are all trustworthy. The way I use the computer doesn't place high demands on security. Besides, as you could read in the specifications, my netbook has only 1 GB of RAM and a 1.6 GHz processor.

     

    If you think I should look into PrivateFirewall after all, tell me to replace Comodo and I'll do it. ;-)

     

    To conclude: I think your post shows more of a wish to help than to criticize my decision, so you could rather offer some advice instead.

  3. OK, thanks. I concluded that I don't need an antivirus, because I already have a reasonable understanding of computers, with a diagnosis on fixitpc.pl from time to time, and as you can see everything works. Thank you, I'll try the firewall you mentioned.

     

    EDIT: Comodo Firewall turned out to use less memory after all, and since it has a nicer interface, I've invested my netbook's future in it.

  4. Try running it in the following configurations: with the firewall turned off (this will not reduce certain ZoneAlarm driver activity anyway), in Safe Mode, and unchecking the scan sections one by one until you hit the one that causes the problem (start by unchecking IAT/EAT).

    Right after writing this post I'll run this test and post the result on the forum.

     

    I don't rule out ZoneAlarm as the cause.

    Is there some less sluggish alternative to it? Though working with it is still much faster than with avast or Immunet.

     

     

    What type of files are on this drive? Perhaps multimedia files (graphics / audio-video)?

     

    Generally, half of the used space is films, and overall the partition is half full: films->25Gb, everything->50Gb, capacity->100Gb

     

    The drive also sometimes skips strangely.

     

    GMER 1.0.15.15627 - http://www.gmer.net

    Rootkit scan 2011-05-18 16:41:08

    Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC66G

    Running: keo8bh62.exe; Driver: C:\DOCUME~1\Walker\USTAWI~1\Temp\uwtdypow.sys

     

     

    ---- System - GMER 1.0.15 ----

     

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA9FC2534]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA9FBC782]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA9FDB6DC]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA9FC2CC0]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA9FD5EB4]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA9FD62A2]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA9FDF916]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA9FC2DF6]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA9FBD398]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA9FDCFE4]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA9FDC93C]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA9FD4DF0]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA9FDD93C]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA9FDDB44]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA9FBCFAA]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA9FD81CE]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA9FD7DF8]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA9FDE8D2]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA9FDE208]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA9FC20F4]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA9FDF2A4]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA9FC27DC]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA9FBD75C]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA9FDEE12]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA9FDC0C4]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA9FD6F0A]

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA9FD6C86]

     

    ---- Kernel code sections - GMER 1.0.15 ----

     

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [C0, 2C, FC, A9, B4, 5E, FD, ...] {SHR BYTE [ESP+EDI*8], 0xa9; MOV AH, 0x5e; STD ; TEST EAX, 0xa9fd62a2}

    .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 8 Bytes [D2, E8, FD, A9, 08, E2, FD, ...] {SHR AL, CL; STD ; TEST EAX, 0xa9fde208}

     

    ---- User code sections - GMER 1.0.15 ----

     

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

     

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

     

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A9FC7672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A9FC5C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A9FC7CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A9FC74C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

     

    ---- Devices - GMER 1.0.15 ----

     

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

     

    ---- EOF - GMER 1.0.15 ----

  5. Hello, I have a Samsung N150P-KP01PL netbook. Specifications ->.

    As you can see, the netbook is not very fast, so I decided to run it without an antivirus, using the ZoneAlarm (free) firewall instead. From time to time I check the computer with an online antivirus (ESET), and I regularly defragment once fragmentation exceeds the 6% threshold. I often use CCleaner.

    The computer seems to run more sluggishly and less efficiently, and on top of that, when opening drive D: it almost always hangs for a short moment (3-8 seconds). Please analyze the logs.

    And speaking of logs: there is a problem here too. I'm unable to run GMER, because the following error pops up: beztytuutrr.jpg

     

    And Security Check:

    Results of screen317's Security Check version 0.99.11

    Windows XP Service Pack 3

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!

    ZoneAlarm

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    CCleaner

    Java 6 Update 23

    Out of date Java installed!

    Adobe Flash Player 10.2.159.1

    Mozilla Firefox (x86 pl..)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    ZoneAlarm zlclient.exe

    ``````````End of Log````````````

     

    Regards, Walkerowy

    Extras.Txt

    OTL.Txt

  6. ========== PROCESSES ==========

    All processes killed

    ========== FILES ==========

    C:\Documents and Settings\All Users\Dane aplikacji\User Config folder moved successfully.

     

    OTL by OldTimer - Version 3.2.20.0 log created on 01312011_144902

     

    Files\Folders moved on Reboot...

     

    Registry entries deleted on Reboot...

     

    OTL.txt

    EXTRAS.txt

     

    EDIT: should I delete the D:\_OTL folder after this procedure?

     

    EDIT2: What is SoftwareMedia51.exe? It was flagged and found by Runscanner. I'll add that it is not visible on drive D at all.

    post-1235-0-58513100-1296562330_thumb.jpg

  7. The minidump folder is completely empty. The cause may be my use of CCleaner.

     

    Two: I sped up shutting down the computer by means of: click

     

    Three: Are you suggesting uninstalling the .NET programs?

     

    And on top of that, when I find more time I'll experiment with the programs installed together with Windows, that is, the ones Samsung provided. So I'll uninstall Samsung SpeedUp Manager and check with CPU-Z whether the processor holds a constant clock of around 1.66 GHz.

  8. So, I made the backups of course and restored the initial state. As you probably know, there is no CD drive here, so this is how Samsung Recovery Solution rescues the system. After the restore you have the computer in the state it would be in if you had just installed Windows. So, to answer your question, this is a full restore.

     

    I disabled ETD from autostart and the touchpad works.

     

    To be precise, I have this version: http://www.samsung.com/pl/consumer/pc-peripherals-prtinters/ultra-mobile-pc/mininotebooks/NP-N150-KP01PL/index.idx?pagetype=prd_detail

     

    Oh, and to be honest, this isn't about any good games, just Warcraft III, or more precisely a mod for it, and that's all. Obviously a netbook isn't meant for gaming, but this game is already fairly old and it used to run nicely. Nvm, this is no longer about the game but about optimizing this hardware, and then it'll be fine. I'll make an OTL log and send it shortly.

     

    OTL LOG: http://wklej.org/id/450514/

    OTL EXTRAS: http://wklej.org/id/450515/

     

    EDIT: A moment ago, while scanning with GMER, the computer reset itself and Windows informed me of a serious system error.

    http://img810.imageshack.us/img810/8302/beztytuurg.jpg

    EDIT2: GMER LOG: http://wklej.org/id/450525/

  9. I don't really see anything worrying here, rather outright minimalism. :)

     

    Well, the netbook used to shut down in just 5 seconds, and now it takes as much as 30 seconds or more, which is not very pleasant. All the more so because it loses the point of being a netbook, whose purpose is to turn on and off quickly and be used for specific tasks.

     

    Logon tab:

    1. I don't know whether you really need ETD Control Center, but that's a matter of preference. Is this about hiding inactive icons in the tray?

    2. I don't know whether you need, or rather whether you use, the Samsung Easy SpeedUp Manager software? But that's up to you.

    http://support-us.samsung.com/cyber/popup/iframe/pop_troubleshooting_fr.jsp?idx=52450&modelname=NP-NC10&modelcode=&session_id=KQCbqMcRLJnvJ4TTwRbLmQPf7LnBGsLVF04x6Ggnh8N4rzk6ZVVH!123963491!1761676444!7501!-1!NONE!1245758043629

     

    This is where my lack of knowledge begins:

    Previously I thought ETD Control Center was a program without which my touchpad wouldn't work. If it works without the unnecessary software, I'll gladly get rid of it.

     

    And another magical matter: Easy SpeedUp Manager. Tell me, I have this problem: I checked the processor clock with CPU-Z and very often it showed 1000 MHz, and as far as I know it supposedly just decides for itself when to run at 1000 with lower voltage and when at 1.66 GHz. I'd like to have 1.66 GHz all the time and throw this program out. In the BIOS there is an option to change "CPU power saving": Enable/Disable, and even when I disable it, in Windows you can still see 1000 MHz, changing once in a while to 1666 MHz.

     

    Services tab:

    1. You can deactivate AppMgmt (Application Management) if, for example, you are plagued by errors in the system event log. I assume you still have XP Home.

    https://www.fixitpc.pl/topic/43-archiwalny-services-uslugi-w-xp/#3

    See also picasso's last post in the topic Services - Usługi w XP on the old stomping grounds (click).

    The system event log may come in handy at the least expected moment, so I think it may be useful in a dark hour. If I'm wrong, correct me.

     

    EDIT: I misunderstood what you were trying to tell me. I've read those articles and my question is: should I disable the service in services.msc?

     

     

    2. I have no idea what the service provided by SRS Labs, Inc. is about. But it will probably come back when you start the dedicated software.

    SRS_WOWXT_Service	Handles SRS WOW XT and TSXT Processing	SRS Labs, Inc.	c:\program files\srs labs\srs wow xt and tsxt\srs_postinstaller.exe

     

    SRS Lab is a kind of sound equalizer. But nothing prevents it from being started separately. Unfortunately, I'm not advanced enough in IT to be able to do anything on my own. If you have no objections, you could point me towards how to make this software more functional.

     

    The logs you attached after the Recovery (in the body of the post) still contained avast!. By Recovery I understand a system restore, so I am afraid I do not understand you very precisely. :) Anyway, it does not matter. If someone needs new logs, they will surely ask for them.

     

    The point is that what I described in that topic was a system restore to some earlier state. After all that, I performed another restore, but this time it was, so to speak, from zero. That is, as if I had formatted C: and installed Windows anew.

     

    Immunet Protect, as rumor has it, is no protection at all when there is no Internet access. Besides, there is the privacy issue. And it seems to me that it is similar to the one discussed in the topic below (COMODO). More precisely, the files you send to their server for analysis may cease to be yours (although I do not know the license terms).

    https://www.fixitpc.pl/topic/2424-comodo-i-zbieranie-danych/

     

    I use Immunet Protect because it 'devours' very little CPU and memory compared to other programs. And if I want to send files for analysis, there are plenty of online sites that will do it better and with a larger number of scanners.

     

     

    The disk works in DMA mode and everything is OK.

     

    Ultimately, could you help me bring this netbook back to the state it was in before the recovery? I will be sincerely grateful.

    Regards, Walkerowy

  10. Does this netbook have a name? I cannot seem to find it. :) Generally, what I want to know is whether there are newer drivers for it and whether you installed them. And is everything OK with the drivers in MU?

    The netbook is a Samsung N150 Plus. Drivers are updated through the Samsung Update Plus program. In the Manager everything seems to be fine.

     

    Did you update IE to version 8 as picasso suggested? In the system event log you had, among others, this error:

    Possibly for the reason described in the reading below.

    http://support.microsoft.com/kb/981349/pl

     

    Start by uninstalling avast! - use the vendor's uninstaller.

    http://www.avast.com/pl-pl/uninstall-utility

    The information in the previous topic is from before the recovery. Sorry for misleading you, but after that recovery I did a complete system restore, that is, something like a format of C:. And I no longer have logs from that. But avast is gone and Immunet is there instead.

     

     

    The Autoruns tool (post #8) should help you analyze autostart. In any case, if you presented a dump from it or from the system command msconfig, it would make verification easier without going through the logs, which are probably completely out of date anyway. :rolleyes:

    https://www.fixitpc.pl/topic/333-menedzery-elementow-startowych-zaawansowane/

     

    I will run the autostart analysis and post the results here :)

    As for the logs, as I wrote above, they are completely out of date :)

    I will add now that after the recovery, an update from IE6 to IE8 and of the network card driver was performed, and that is all. These are the latest drivers, since the netbook is from October.

     

    Regards, Walkerowy,

    If any logs are needed, please ask, and I will try to produce them right away.

     

    EDIT:

    I am adding the log from Autoruns (txt attached)

    Here is the link to the arn: AutoRuns.arn

    AutoRuns.txt

  11. I had a problem with my netbook - it ended like this: https://www.fixitpc.pl/topic/2416-problemy-po-uzyciu-combofixa/

    After all the steps described there, that is, finally after performing a full system restore, I installed the programs I need for everyday use, and after some time I noticed that something was not right. Before the restore, the netbook ran superbly for its specifications. Shutting it down took only 5-10 seconds, while now it takes 20-30 seconds, so the shutdown time has grown quite considerably, 300%-400%. I also decided to check how the computer behaves when gaming. The one and only game I played from time to time runs terribly; in short, it is a slideshow, whereas before the system restore it ran smoothly and well enough to simply play it (now that is not possible). On top of that, all Flash games, YouTube videos, everything that involves motion runs sluggishly and heavily.

    I will add that since I did the recovery, I have installed the Microsoft Update updates, because I thought this would protect me from my previous adventures (I think this may be where the cause lies).

    As an antivirus I have the Immunet program.

     

    Please help. Specifically, I want to eliminate all processes, services and whatever else possible that I will never need for anything and that only 'clutter up' my netbook. Please ask for any information in this thread.

     

    Regards, Walkerowy

  12. BTW: my netbook is not equipped with a CD/DVD drive, so in my case only the recovery serves to rescue the system.

     

    And this is the script after which the netbook would not start:

    :Processes

    killallprocesses

     

    :OTL

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys -- (catchme)

    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

    [2010-12-11 23:38:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Walker\Dane aplikacji\Mozilla\Firefox\Profiles\8cw6fb9h.default\searchplugins\conduit.xml

    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:B623B5B8

    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:4CF61E54

    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:478FEFC3

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:41099CE9

     

    :Files

    $RECYCLE.BIN /alldrives

    RECYCLER /alldrives

    C:\Documents and Settings\All Users\Dane aplikacji\*.tmp

    C:\WINDOWS\System32\*.tmp

    C:\WINDOWS\*.tmp

    C:\WINDOWS\tasks\*.job

     

    :Commands

    [emptytemp]

    [start explorer]

    [Reboot]

    And now I am posting the logs from GMER and from OTL after doing the Recovery.

    OTL.txt :

    OTL logfile created on: 2010-12-26 11:04:34 - Run 1

    OTL by OldTimer - Version 3.2.17.1 Folder = D:\Programy\Czyszczenie

    Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

     

    1 013,00 Mb Total Physical Memory | 536,00 Mb Available Physical Memory | 53,00% Memory free

    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 40,32 Gb Total Space | 14,93 Gb Free Space | 37,02% Space Free | Partition Type: NTFS

    Drive D: | 98,72 Gb Total Space | 62,78 Gb Free Space | 63,59% Space Free | Partition Type: NTFS

     

    Computer Name: MICHAL | User Name: Walker | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2010-12-25 21:54:25 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- D:\Programy\utorrent\uTorrent.exe

    PRC - [2010-10-28 20:05:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Programy\Czyszczenie\OTL.exe

    PRC - [2010-09-15 00:08:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe

    PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- D:\Programy\avast\AvastUI.exe

    PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- D:\Programy\avast\AvastSvc.exe

    PRC - [2010-05-20 12:43:26 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

    PRC - [2010-03-25 19:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe

    PRC - [2010-03-24 04:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe

    PRC - [2010-02-11 07:22:38 | 000,374,784 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

    PRC - [2010-01-19 10:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

    PRC - [2009-12-22 06:47:08 | 000,172,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

    PRC - [2009-08-06 18:23:56 | 000,066,792 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe

    PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

     

     

    ========== Modules (SafeList) ==========

     

    MOD - [2010-10-28 20:05:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Programy\Czyszczenie\OTL.exe

    MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

    MOD - [2010-02-11 23:14:38 | 000,271,752 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDApix.dll

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- D:\Programy\avast\AvastSvc.exe -- (avast! Web Scanner)

    SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programy\avast\AvastSvc.exe -- (avast! Antivirus)

    SRV - [2009-08-06 18:23:56 | 000,066,792 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe -- (SRS_WOWXT_Service)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

    DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

    DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

    DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

    DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

    DRV - [2010-07-28 14:56:20 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

    DRV - [2010-04-14 21:41:12 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

    DRV - [2010-04-01 00:25:36 | 000,109,056 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD)

    DRV - [2010-03-31 17:20:20 | 000,911,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

    DRV - [2010-03-31 08:27:18 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)

    DRV - [2010-03-18 00:40:12 | 005,878,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2010-01-14 22:53:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

    DRV - [2009-11-18 23:13:04 | 000,556,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

    DRV - [2009-11-18 23:12:56 | 000,118,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

    DRV - [2009-11-18 15:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

    DRV - [2009-11-18 15:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

    DRV - [2009-11-11 18:55:46 | 001,751,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

    DRV - [2009-09-28 10:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

    DRV - [2009-07-31 17:59:14 | 000,227,496 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)

    DRV - [2009-07-01 10:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)

    DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

    DRV - [2005-10-27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

     

     

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

     

     

    IE - HKU\S-1-5-21-152598387-3023877159-1122697960-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

     

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programy\Mozilla Firefox\components [2010-10-18 11:06:36 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2010-12-26 11:02:23 | 000,000,000 | ---D | M]

     

    [2010-10-18 11:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\Mozilla\Extensions

    [2010-12-25 16:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\Mozilla\Firefox\Profiles\8cw6fb9h.default\extensions

    [2010-12-25 16:10:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Walker\Dane aplikacji\Mozilla\Firefox\Profiles\8cw6fb9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

     

    O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programy\adobe\Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [avast5] D:\Programy\avast\avastUI.exe (AVAST Software)

    O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)

    O4 - HKLM..\Run: [EasySpeedUpManager] C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

    O4 - HKLM..\Run: [EasySpeedUpManager2] C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager2.exe (Samsung Electronics)

    O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

    O4 - HKLM..\Run: [samsungWInClon] C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)

    O4 - HKLM..\Run: [sUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()

    O4 - HKU\S-1-5-21-152598387-3023877159-1122697960-1005..\Run: [batteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-152598387-3023877159-1122697960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

    O7 - HKU\S-1-5-21-152598387-3023877159-1122697960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

    O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\Walker\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walker\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010-08-25 11:05:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O33 - MountPoints2\{2683d866-b044-11df-8b4e-002454713d32}\Shell - "" = AutoRun

    O33 - MountPoints2\{2683d866-b044-11df-8b4e-002454713d32}\Shell\AutoRun\command - "" = D:\SoftwareMedia51.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2010-12-26 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

    [2010-12-26 11:02:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

    [2010-12-26 11:02:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

    [2010-12-26 11:02:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

    [2010-12-26 01:04:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

    [2010-12-25 23:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

    [2010-12-25 22:24:32 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll

    [2010-12-25 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\PSCAD421Eval

    [2010-12-25 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

    [2010-12-25 22:13:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Walker\Recent

    [2010-12-25 16:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Dane aplikacji\uTorrent

    [2010-12-25 16:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Dane aplikacji\.purple

    [2010-12-25 16:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Moje dokumenty\Walkerowy

    [2010-12-25 16:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Moje dokumenty\strona

    [2010-12-25 16:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Dane aplikacji\Runscanner.net

    [2010-12-25 16:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Moje dokumenty\Pobieranie

    [2010-12-25 16:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker\Pulpit\Pobieranie

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     

    ========== Files - Modified Within 30 Days ==========

     

    [2010-12-26 10:40:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2010-12-26 10:40:00 | 1062,514,688 | -HS- | M] () -- C:\hiberfil.sys

    [2010-12-25 23:57:48 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Walker\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010-12-25 23:05:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\lmgrd.ini

    [2010-12-25 22:05:58 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini

    [2010-12-25 16:56:06 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

    [2010-12-25 16:20:51 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2010-12-25 16:16:58 | 000,002,635 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

    [2010-12-25 16:12:28 | 000,000,233 | RHS- | M] () -- C:\boot.ini

    [2010-12-25 16:02:04 | 000,492,228 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

    [2010-12-25 16:02:04 | 000,433,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2010-12-25 16:02:04 | 000,085,058 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

    [2010-12-25 16:02:04 | 000,068,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2010-12-25 14:52:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2010-12-23 19:22:05 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Walker\Moje dokumenty\index.html

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     

    ========== Files Created - No Company Name ==========

     

    [2010-12-25 23:05:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lmgrd.ini

    [2010-12-25 17:19:03 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini

    [2010-12-25 17:14:08 | 1062,514,688 | -HS- | C] () -- C:\hiberfil.sys

    [2010-12-25 16:56:06 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

    [2010-12-08 21:44:37 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\Walker\Moje dokumenty\index.html

    [2010-10-18 12:16:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Walker\Dane aplikacji\wklnhst.dat

    [2010-10-18 11:23:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2010-10-17 18:05:20 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Walker\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010-08-25 19:15:23 | 000,000,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    [2010-08-25 14:33:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    [2010-08-25 12:57:43 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2010-08-25 11:13:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini

    [2010-08-25 11:11:18 | 000,227,496 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys

    [2010-08-25 11:08:36 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS

    [2010-04-12 11:33:12 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

    [2009-09-28 10:22:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys

    [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

     

    ========== LOP Check ==========

     

    [2010-10-18 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

    [2010-10-18 11:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst

    [2010-08-25 11:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SAMSUNG

    [2010-10-18 11:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp

    [2010-12-26 00:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinClon

    [2010-08-25 11:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WLAN

    [2010-10-18 11:18:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Walker\Dane aplikacji\.#

    [2010-12-26 01:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\.purple

    [2010-10-18 11:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\OpenOffice.org

    [2010-10-18 11:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\PlayFirst

    [2010-12-25 16:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\Runscanner.net

    [2010-12-26 11:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walker\Dane aplikacji\uTorrent

     

    ========== Purity Check ==========

     

     

     

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:B623B5B8

    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:4CF61E54

    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:478FEFC3

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:41099CE9

     

    < End of report >

    Extras.txt :

    OTL Extras logfile created on: 2010-12-26 11:04:34 - Run 1

    OTL by OldTimer - Version 3.2.17.1 Folder = D:\Programy\Czyszczenie

    Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

     

    1 013,00 Mb Total Physical Memory | 536,00 Mb Available Physical Memory | 53,00% Memory free

    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 40,32 Gb Total Space | 14,93 Gb Free Space | 37,02% Space Free | Partition Type: NTFS

    Drive D: | 98,72 Gb Total Space | 62,78 Gb Free Space | 63,59% Space Free | Partition Type: NTFS

     

    Computer Name: MICHAL | User Name: Walker | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

     

    [HKEY_USERS\S-1-5-21-152598387-3023877159-1122697960-1005\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

     

    ========== Shell Spawning ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    htmlfile [edit] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

    Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

    Directory [Winamp.Play] -- "D:\Programy\Winamp\Winamp.exe" "%1" (Nullsoft)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    ========== Security Center Settings ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 1

    "FirewallDisableNotify" = 1

    "UpdatesDisableNotify" = 1

    "AntiVirusOverride" = 1

    "FirewallOverride" = 0

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     

    ========== System Restore Settings ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

    "Start" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

    "Start" = 2

     

    ========== Firewall Settings ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    "DisableNotifications" = 0

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    "80:TCP" = 80:TCP:*:Enabled:80

     

    ========== Authorized Applications List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "D:\Programy\utorrent\uTorrent.exe" = D:\Programy\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

    "C:\Program Files\PSCAD421Eval\bin\win\PSCAD.exe" = C:\Program Files\PSCAD421Eval\bin\win\PSCAD.exe:*:Enabled:PSCAD -- (Manitoba HVDC Research Centre)

     

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{1FBEBAAF-A363-458D-8D26-9F61AC98ACC3}" = SRS WOW XT and TSXT

    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23

    "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{421E0F86-B87D-11D8-8496-0050BAC22C49}" = PSCAD 4.2.1 Student/Trial Edition

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{56B64431-0409-11D5-8481-0050BAC22C49}" = EGCS 1.1.1 (GNU Fortran)

    "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager

    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

    "{71A51BED-E7D3-11DB-A386-005056C00008}" = WebCam SCB-0340N

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung

    "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software

    "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish

    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F48BE301-EC78-4686-B580-EE4934558798}" = WIDCOMM Bluetooth Software

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "avast5" = avast! Free Antivirus

    "CCleaner" = CCleaner

    "Defraggler" = Defraggler

    "Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL

    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

    "ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "Karta sieciowa Broadcom 802.11" = Karta sieciowa Broadcom 802.11

    "Marvell Miniport Driver" = Marvell Miniport Driver

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

    "Pidgin" = Pidgin

    "uTorrent" = µTorrent

    "Winamp" = Winamp (remove only)

    "WinRAR archiver" = Archiwizator WinRAR

    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

     

    ========== Last 10 Event Log Errors ==========

     

    [ Application Events ]

    Error - 2010-10-20 07:29:55 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-10-20 07:40:45 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 09:52:45 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 11:21:08 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 12:14:17 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 12:32:22 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 17:11:31 | Computer Name = MICHAL | Source = MsiInstaller | ID = 11905

    Description = Produkt: Adobe Reader 9.4.0 - Polish -- Błąd 1905.Wyrejestrowanie

    modułu D:\Programy\adobe reader\Reader\authplay.dll nie powiodło się HRESULT -2147220472.

    Skontaktuj się z obsługą personelu.

     

    Error - 2010-12-25 17:14:47 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-25 17:30:33 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    Error - 2010-12-26 05:40:09 | Computer Name = MICHAL | Source = PerfNet | ID = 2004

    Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

    zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

     

    [ System Events ]

    Error - 2010-10-19 09:34:35 | Computer Name = MICHAL | Source = Windows Update Agent | ID = 20

    Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

    następującej aktualizacji, ponieważ wystąpił błąd 0x800706ba: Aktualizacja zabezpieczeń

    systemu Windows XP (KB981349).

     

    Error - 2010-10-19 09:34:35 | Computer Name = MICHAL | Source = Windows Update Agent | ID = 20

    Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

    następującej aktualizacji, ponieważ wystąpił błąd 0x800706ba: Aktualizacja dla systemu

    Windows XP (KB951978).

     

    Error - 2010-10-19 09:34:35 | Computer Name = MICHAL | Source = Windows Update Agent | ID = 20

    Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

    następującej aktualizacji, ponieważ wystąpił błąd 0x800706ba: Aktualizacja systemu

    Windows XP (KB970430).

     

    Error - 2010-10-19 09:34:35 | Computer Name = MICHAL | Source = Windows Update Agent | ID = 20

    Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

    następującej aktualizacji, ponieważ wystąpił błąd 0x800706ba: Aktualizacja dla systemu

    Windows XP (KB2345886).

     

    Error - 2010-12-25 11:52:55 | Computer Name = MICHAL | Source = DCOM | ID = 10000

    Description = Nie można uruchomić serwera DCOM: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.

    Błąd:

    "%3"

    wystąpił

    podczas uruchamiania tego polecenia: "D:\Programy\adobe reader\Reader\AcroRd32Info.exe"

    /PDFShell -Embedding

     

    Error - 2010-12-25 11:52:55 | Computer Name = MICHAL | Source = DCOM | ID = 10000

    Description = Nie można uruchomić serwera DCOM: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.

    Błąd:

    "%3"

    wystąpił

    podczas uruchamiania tego polecenia: "D:\Programy\adobe reader\Reader\AcroRd32Info.exe"

    /PDFShell -Embedding

     

    Error - 2010-12-25 12:13:10 | Computer Name = MICHAL | Source = DCOM | ID = 10005

    Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi

    netman z argumentami "" w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

     

    Error - 2010-12-25 12:13:11 | Computer Name = MICHAL | Source = DCOM | ID = 10005

    Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi

    StiSvc z argumentami "" w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

     

    Error - 2010-12-25 12:13:18 | Computer Name = MICHAL | Source = DCOM | ID = 10005

    Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi

    EventSystem z argumentami "" w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     

    Error - 2010-12-25 12:13:36 | Computer Name = MICHAL | Source = DCOM | ID = 10005

    Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi

    EventSystem z argumentami "" w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     

     

    < End of report >

    PS: The GMER log is currently being generated.

     

    EDIT: GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net

    Rootkit scan 2010-12-26 11:37:20

    Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC66G

    Running: pe04zk7l.exe; Driver: C:\DOCUME~1\Walker\USTAWI~1\Temp\uwtdypow.sys

     

     

    ---- System - GMER 1.0.15 ----

     

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA9E7BCF0]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA9E7BBAC]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA9E7C160]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA9E7C08A]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA9E7B782]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA9E7BC86]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA9E7B6C2]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA9E7B726]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA9E7BDA6]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9E7C22E]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA9E7BD66]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA9E7BEE6]

     

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9E88BAE]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA9E889D2]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA9E88B0C]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

     

    ---- Kernel code sections - GMER 1.0.15 ----

     

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A9E88B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A9E889D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A9E845D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A9E85FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A9E88BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

     

    ---- User code sections - GMER 1.0.15 ----

     

    .text D:\Programy\avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

     

    ---- Devices - GMER 1.0.15 ----

     

    Device aswSP.SYS (avast! self protection module/AVAST Software)

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

     

    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

     

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

     

    ---- EOF - GMER 1.0.15 ----

    PS: I'm afraid avast did not want to turn off completely, so if GMER did not perform the scan correctly, please tell me off and help me disable avast. :]

  13. Picasso, thank you very much. Your knowledge intimidates me. Unfortunately I have to disappoint you, because I followed advice from another forum, which I now regret, because the netbook would not start... Right now I am past the recovery and installing the programs that were removed during the recovery. For now I will not be making use of your help, but as soon as something happens I will know who to turn to. Regards

  14. Let's start from the beginning. My instinct sensed that the computer was infected, hmm, so without waiting long I ran ComboFix.exe, but now, after a lot of reading, I know I should not have done that on my own. But to the point. ComboFix deleted several files (my instinct did not fail me); here is the log from that operation: http://wklej.org/id/444237/

     

    Next I checked with runscanner.exe whether everything was OK now, deleted the registry entries pointing to missing files, and wanted to delete qoobox, but... here a problem appeared, because I cannot delete the backenv folder. Hmm... I used ComboFix once more (ComboFix was not on the desktop), restarted the computer, and did not manage to delete backenv. Same thing in safe mode.

    I am attaching logs to this report:

    OTL LOG : http://wklej.org/id/444195/

    EXTRAS from OTL: http://wklej.org/id/444196/

    RSIT LOG: http://wklej.org/id/444198/

    info from RSIT: http://wklej.org/id/444200/

    SilentRunners LOG: http://wklej.org/id/444207/

     

    Regards, Walkerowy

     

    EDIT: and while I am here, could some kind person finally help me optimize this netbook; thanks in advance, and I humbly admit that I was not using any antivirus. Right now I have avast.
