marcos777

Users
  • Posts: 135

Content published by marcos777

  1. Hello, when running Windows Worms Doors Cleaner, the message shown in the attachment keeps popping up: Messenger cannot be closed. It has always been like this. Laptop, Vista HE 32. Is there any remedy for this? Microsoft Security Bulletin MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035) OTL.txt OTL.Extras
  2. We'll live and see. I'll let you know if something crashes again. It was vacuumed inside recently, when the headphone jack was being repaired, but I still have to buy thermal paste. Thanks. Oh, and what about GMER and the other logs from the 1st post?
  3. I replaced the paste ~1-1.5 years ago while cleaning the inside. The fan was running very loudly, it was that dirty and seized up. The laptop only recently started shutting down. Now that I have raised it on special stands to give it better cooling from underneath, I can feel that the case is much cooler.
  4. Here you go: EVEREST - full report CPUID HWMONITOR - report CPUID SMBUS - report MHDD SMART I am not including the full descriptions, only the ID number and values. The full "Attribute name" entries are here: SMART diagnostics on Wikipedia, with descriptions, and HERE. MHDD + SMART report
  5. It worked, here is the Gmer log. I once took it apart and cleaned everything inside and added paste under the processor. It really was terribly dusty, which made the fan run veeery loudly. Now it is quiet; temps, performance, etc. ... EVEREST A moment ago I raised the laptop on special stands to give it better cooling from underneath. - OK, I did it - I set DEP: And it had been set to: ---------------- Vista, under Control Panel / Performance Information and Tools / Reports and troubleshooting, reports errors on the HDD: Should I run any of this? and
  6. Hello, for some time now the laptop (Vista HE 32) has very often simply been shutting itself down while I work with documents, photos or other programs. Sometimes this message also pops up: "Windows host process (Rundll32) has stopped working" The system suggests that the DEP settings can be changed if the problem is with Rundll32: DEP I am attaching logs: OTL.TXT OTL.EXTRAS GMER: ... (still scanning) DrWeb Ad-REMOVER Findykill TDSS Please give me instructions. ----- Just a moment ago, during the Gmer scan, the laptop shut itself down again, but this time a blue screen also appeared. Unfortunately I did not get there in time to write down the error number. I am scanning with Gmer again....
  7. - I scanned the computer with Exterminate It! - however, it found no infection related to NOD1.tmp (but I had earlier deleted all the NODxxx.tmp files manually). - In ESET, in the ThreatSense technology parameter settings, I unchecked: "Run background scans with low priority" - I also did a system optimization, registry defrag, etc. At the moment the laptop and the internet are running normally again. Thank you all very much for your help. I will get in touch when those temp files from NOD flood me again and slow down the net. Regards
  8. Everything you recommended has been done, gentlemen. Plus Ccleaner, DiskMax. I don't know what to do about these Nod****.tmp files? After deleting those files yesterday, the computer sped up a bit. Regards. Marek
  9. Hello, the internet is sluggish, mail pages open slowly, videos on YT do not load, etc. Every so often a huge number of files with names like NODXXX.tmp is created in the Windows \ Temp directory. Today 65 000, at one point 120 000 of them. I delete them, but they get created again after some time. Deleting the contents of the C:\Windows\Temp directory. Regards, Extras.Txt OTL.Txt
  10. Hello picasso, sorry for the delay - I was away, so only now a few explanations:
      - it was terribly sluggish, i.e. for example FF pages took a long time to open, web pages scrolled slowly, mail opened slowly; when typing the mail user name in FF, after entering the name or password only 1 character was visible and the rest appeared only after a dozen or so seconds, long waits for a response. After a restart the desktop icons stay white for a looong time, then after a long while they change to normal one by one.
      - system sounds with echo (repetitions) and reverb
      - Trojan Remover found several trojans and removed them (I will give the names and locations later, when I get back home)
      - I wanted to run only OTL and Gmer, but OTL.exe did not work, i.e. after launch it started scanning and never finished. It scanned for a moment, displays: Processing (deleteself) and nothing more happens. Only OTL.SCR worked.
      - GMER, downloaded from various locations/under various names, started and stalled several times. Always on C:\Windows\System32\Drivers\.... e.g. easdrv.sys. When I changed the name to esadrv.sy_ as a test, the scan went further but stopped at videopart.sys. I changed the next name again, ... it went further and stopped at eaps2kbd.sys. And so on. And it can sit like that for several hours on a given driver.
      - I thought Combofix would cope. But it too only started scanning, even created a restore point, a window appeared saying Scanning for infected files... and that it will take about 10 minutes, etc., and that's it. It sits there, doing nothing. There was no longer any info about the locked clock and completed stages.
      - in safe mode the same thing happens, the computer cannot be scanned with OTL, Gmer, CF.
      - I ran Avenger because even without entering a script it still performs a scan, and if it finds something it can remove it.
      - in Autoruns I deleted the "File not found" entries in SRV and DRV - there were more of them than in the list.
      - please give more info on: "Go into the Event Log and paste the exact wording from the error's properties".
      - I disabled Magix and Ashampoo in Startup
      - I would gladly run sfc /scannow, but I don't know why the CD drive is not reading. Can it be done from a pendrive or from the HDD?
      Regards,
  11. Hello, the laptop is sluggish. XP HE SP3. Please help with analysing the logs: OTL.txt OTL.Extras RSIT.info RSIT.log AVENGER.log RKILL.log Combofix and Gmer start but do not finish. In the registry I still have leftovers to remove: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd Regards, BitDefender_QScan
  12. OK. In that case I think this thread can be closed. Thanks, Landuss, for the help. I will raise the WMP11 problem in another section. And finally, we will do something about this: Log ....today I scanned the laptop with Bootkit Remover. I would like to ask you for instructions on what to do with this, e.g.:
      Size Device Name MBR Status
      .\boot_cleaner.cpp(1062) : --------------------------------------------
      .\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 Unknown boot code
      .\boot_cleaner.cpp(1112) :
      .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
      .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
      .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
      .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
      .\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
      .\boot_cleaner.cpp(1129) :
      .\boot_cleaner.cpp(1151) : Done;
  13. Drive C: now has no restore point, although like the other drives it previously had one made by CF at 14:22. The messages keep appearing ...0x80070032.
      ================================
      I ran a Combofix scan and again I have all the restore points (created by it). CF log
      Finally I wanted OTL to clean up, but no file can be downloaded, because this message pops up: The file C:\Users\user\AppData\Local\Temp cannot be saved because the contents of this folder cannot be changed. Change the folder's properties and then try again, or choose a different destination folder.
      -- Fortunately, after restarting the computer, files download/save again.
      ===================================
      Landuss, today I scanned the laptop with Bootkit Remover log. I would like to ask you for instructions on what to do with this, e.g.:
      Size Device Name MBR Status
      .\boot_cleaner.cpp(1062) : --------------------------------------------
      .\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 Unknown boot code
      .\boot_cleaner.cpp(1112) :
      .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
      .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
      .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
      .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
      .\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
      .\boot_cleaner.cpp(1129) :
      .\boot_cleaner.cpp(1151) : Done;
      The USBfix log found, among others, in C:\Users\user\AppData\Local\Temp\pv.exe - this is, according to Virus Total, the trojan Spyware.Bancos.73728. I simply deleted it, but I don't know whether I should look for its remnants somewhere else? And what about this?:
      ################## | Files # Infected Folders |
      Found ! F:\AUTORUN_.INF
      Found ! G:\AUTORUN_.INF
      ################## | Registry |
      Found ! HKCU\Software\MediaSolaris
      Found ! HKCU\Software\TurboNet
      Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
      Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
      - I did this: simply the Deletion option in USBFix, and it deleted:
      ################## | Files # Infected Folders |
      Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
      Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
      Deleted ! E:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
      Not deleted ! F:\AUTORUN_.INF
      Not deleted ! G:\AUTORUN_.INF
      ################## | Registry |
      Deleted ! HKCU\Software\MediaSolaris
      Deleted ! HKCU\Software\TurboNet
      Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
      Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
      The current USBfix log looks like this:
      I would also like to remove the directories created by Flash Disinfector and protect the drives with UsbFix. So far I have not managed to.
      AD-REMOVER also deleted ToolBar keys in the registry:
      And is there something to do here: FindyKill log ?
  14. I checked, it is: Started - Automatic - Local System. I exported the whole list of services.
  15. OTL cleaned up. And at last I managed to get the GMER log. Thank you, Landuss, for the help, the computer has clearly sped up. I still have a few questions, but I will probably ask them in another section. - As for system restore points - I managed to delete the old ones, but new ones do not want to be created. There is a message: The scheduled task cannot be created for the following reason: The request is not supported. 0x80070032 It would be good to have a restore point in reserve, because sometimes the system does not come up after an update or after installing some program. I think that if I run ComboFix, it will force-create a System Restore Point itself. What do you think? - And I also have a problem with Windows Media Player. Version 11 is broken, a new one will not install because it says there is a newer one on the computer, it cannot be uninstalled, etc. etc. ======================== It worked - ComboFix created a system restore point. But even so, when checking whether it is there - in system properties, although it is there for all drives - this message pops up: The scheduled task cannot be created for the following reason: The request is not supported. 0x80070032 The latest logs as a check, please take a look: CF log OTL.txt log OTL.Extras log
  16. New OTL log. EXTRAS:
= Seagate Manager Installer "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{30233C19-872D-4412-9050-7DC263824A96}" = RealSpeak Solo 4.0 SAPI5 Polish Agata "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3E2D9049-CB69-11D2-94EC-00A0C90683DA}" = VBA (2720) "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist 
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5DB62162-439D-4A2D-A0D8-1EBF190FDCDC}_is1" = AnyFound Photo Recovery Free Edition 1.1 "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5 "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011 "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0 "{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja 
pakietu Microsoft Office 2010 "{90140011-0061-0415-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Polski "{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0 "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}" = Radmin Viewer 3.4 "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F31961E-9536-4D0C-A0B0-BBEB25636A84}" = Backup4all Lite 4 "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{9FEF4EA5-025F-4D8B-9376-680CA8E77C9C}" = Delete FXP Files 2009 - Demo "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5120A5B-DB40-4E1E-9392-3D5BC1E4CB24}" = MAGIX 3D Maker (embedded MSI) "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.4 - Polish "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common 
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CF4E1FE8-0B0C-4E9F-B9C8-8E5FB5A814D9}" = INTERsoft-Menadżer licencji "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}" = OpenOffice.org 3.2 "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D7C05692-5AD3-4032-A1C8-7CBAECD52EB3}" = Polish language for ABBYY FineReader 8.0 Professional Edition "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E62C6691-52B3-44B5-B9B0-4C73237D8F0A}" = MAGIX Screenshare "{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact 
Edition [ENU] "{F0C1383A-4925-426C-88A6-E384E007DD24}" = FixMyRegistry "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents "{F8423392-2296-4748-9B66-344432459632}" = PureHD "{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0 "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic "{FD552BF9-FAE3-48FA-ADC9-18E455E03FEC}" = MAGIX Speed 2 (MSI) "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "AntiLogger" = AntiLogger "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode) "AviSynth" = AviSynth 2.5 "AviTricks Classic_is1" = AviTricks Classic version 1.65 "Browser Defender_is1" = Browser Defender 2.0.6.15 "BusinessCardsMX3_is1" = BusinessCardsMX 3.96 "CCleaner" = CCleaner "CloneCD" = CloneCD "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "De BOLSILLO_is1" = De BOLSILLO v 1.0 "Delete FXP 
Files 2009 - Demo" = Delete FXP Files 2009 - Demo "DiskMax" = DiskMax 4.40 "ETRemover" = ETRemover "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00 "EvilLyrics" = EvilLyrics "Expressivo" = Expressivo "FileASSASSIN" = FileASSASSIN "Finale 2007" = Finale 2007 "Finale 2009" = Finale 2009 "Finale 2010" = Finale 2010 "Finale Allegro 2007" = Finale Allegro 2007 "Finale NotePad 2008" = Finale NotePad 2008 "Finale PrintMusic 2010" = Finale PrintMusic 2010 "Finale SongWriter 2010" = Finale SongWriter 2010 "Fix My Registry_is1" = Fix My Registry v3.0 "FixMyRegistry" = FixMyRegistry "Gadu-Gadu 10" = Gadu-Gadu 10 "Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009 "Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786 "GMailFS" = GMail Drive Shell Extension "GridVista" = Acer GridVista "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "InstallShield_{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "ipla" = ipla 2.1.1 "IVO Glossary" = IVO Glossary "Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK "JDownloader" = JDownloader "KC Softwares SUMo_is1" = KC Softwares SUMo "KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Standard) "Kurs Masazu_is1" = Kurs Masazu "LManager" = Launch Manager "LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition "MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded) "MAGIX Movie Edit Pro 15 Plus Download version UK" = MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK) "MAGIX Movie Edit Pro silver UK" = MAGIX Movie Edit Pro silver 8.6.0.17 (UK) "MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK) "MAGIX Speed burnR UK" = MAGIX 
Speed burnR "MAGIX_MSI_Fotos_auf_CD_DVD_9" = MAGIX FotoStory na CD & DVD 9 Download Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Motherboard Monitor 5_is1" = Motherboard Monitor 5 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MyDefrag v4.2.5_is1" = MyDefrag v4.2.5 "Nice PDF Compressor_is1" = Nice PDF Compressor 2.0 "novaPDF Lite Desktop 7 printer_is1" = novaPDF Lite Desktop 7.0 printer "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "Photo Resize Magic" = Photo Resize Magic 1.1 "Picasa 3" = Picasa 3 "PoiZone" = PoiZone "Profesor Pedro - Słownictwo_is1" = Profesor Pedro - Słownictwo "RayV" = RayV "RealAlt_is1" = Real Alternative 1.9.0 "RealDraw Pro_is1" = RealDraw Pro v4.0.17.1 "Recover My Files_is1" = Recover My Files "Recuva" = Recuva "RegCure" = RegCure "Sakura" = Sakura "Sawer" = Sawer "SLD Codec Pack" = SLD Codec Pack "SLOW-PCfighter" = SLOW-PCfighter "Spyware Doctor" = Spyware Doctor 7.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "System Closer_is1" = System Closer 1.0.0.13 "SystemRequirementsLab" = System Requirements Lab "Totalcmd" = Total Commander (Remove or Repair) "Toxic Biohazard" = Toxic Biohazard "Unlocker" = Unlocker 1.8.9 "Virtual Piano_is1" = Virtual Piano 3.0 "VLC media player" = VLC media player 0.9.8a "VoipCheapCom_is1" = VoipCheapCom "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.4 "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinMend Disk Cleaner_is1" = WinMend Disk Cleaner 1.4.4 "WinMend History Cleaner_is1" = WinMend History Cleaner 1.3.5 "WinMend Registry Cleaner_is1" = WinMend Registry Cleaner 1.5.6 "WinMend System Doctor_is1" = WinMend System Doctor 1.5.4 [color=#E56717]========== HKEY_USERS 
Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BogFran Designer" = BogFran Designer
"EspTrans" = Tłumacz i Słownik Języka Hiszpańskiego

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-10-29 17:38:51 | Computer Name = Martita | Source = Perflib | ID = 1010
Description =
Error - 2010-10-30 01:58:34 | Computer Name = Martita | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura czasowa 0x4cbda469, moduł powodujący błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura czasowa 0x4cbda469, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000c551, identyfikator procesu 0xcf4, godzina rozpoczęcia aplikacji 0x01cb77f6dcbda547.

[ System Events ]
Error - 2010-10-30 01:33:51 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description =
Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description =
Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = LSM | ID = 1048
Description =
Error - 2010-10-30 01:35:01 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description =
Error - 2010-10-30 02:41:16 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną.
Error - 2010-10-30 02:41:33 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się. Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco duży, aby zawierać całą pamięć fizyczną.
Error - 2010-10-30 02:43:04 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description =
Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description =
Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = LSM | ID = 1048
Description =
Error - 2010-10-30 02:44:31 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description =

< End of report >

Should I run the cleanup (Sprzątanie) in OTL now, to remove Qoobox/CF and OTL?

RootRepeal log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/30 09:41
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90BB9000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90BAE000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB27DF000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1200 Status: Locked to the Windows API!

SSDT
-------------------
#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860152d6

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860154c8

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x86014f44

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860156d0

==EOF==

and also:

09:41:05: Unrecognized partition type 6 (0x6)!
09:41:13: Could not read system registry! Please contact the author!
  17. Gmer shut down several times while running. It is currently running yet again (working so far) and I am waiting for the log, which I will paste. I can also run a RootRepeal scan in a moment.
==============================
I have now run the OTL script. Here is the log from the OTL removal:

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File C:\Windows\System32\DRIVERS\UIUSYS.SYS not found.
Service cpu stopped successfully!
Service cpu deleted successfully!
File C:\cpu.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys not found.
Service AVFSFilter stopped successfully!
Service AVFSFilter deleted successfully!
File C:\Windows\System32\DRIVERS\avfsfilter.sys not found.
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\r6yd7ja3.default\searchplugins\winamp-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\Tasks\{940150C4-A3ED-4CF4-A613-A6AD96D7230B}.job moved successfully.
C:\Windows\Tasks\{C555EFEE-A6D4-45C3-907B-45CB5D4BC69E}.job moved successfully.
========== FILES ==========
C:\Users\user\AppData\Local\TempuOg820.html moved successfully. C:\Users\user\AppData\Local\TempUwFu12.html moved successfully. C:\Users\user\AppData\Local\TempuXj492.html moved successfully. C:\Users\user\AppData\Local\TempUzS288.html moved successfully. C:\Users\user\AppData\Local\TempVEv512.html moved successfully. C:\Users\user\AppData\Local\TempVHg512.html moved successfully. C:\Users\user\AppData\Local\TempVj1612.html moved successfully. C:\Users\user\AppData\Local\TempVNG312.html moved successfully. C:\Users\user\AppData\Local\TempVps344.html moved successfully. C:\Users\user\AppData\Local\TempwdE516.html moved successfully. C:\Users\user\AppData\Local\TempWEW396.html moved successfully. C:\Users\user\AppData\Local\TempwiQo12.html moved successfully. C:\Users\user\AppData\Local\TempWNh516.html moved successfully. C:\Users\user\AppData\Local\Tempww2608.html moved successfully. C:\Users\user\AppData\Local\Tempxav316.html moved successfully. C:\Users\user\AppData\Local\TempXBA352.html moved successfully. C:\Users\user\AppData\Local\TempxBx692.html moved successfully. C:\Users\user\AppData\Local\TempXdN568.html moved successfully. C:\Users\user\AppData\Local\Tempxef604.html moved successfully. C:\Users\user\AppData\Local\TempXQ2004.html moved successfully. C:\Users\user\AppData\Local\TempXr1828.html moved successfully. C:\Users\user\AppData\Local\TempyaE980.html moved successfully. C:\Users\user\AppData\Local\TempYBn452.html moved successfully. C:\Users\user\AppData\Local\TempyEF692.html moved successfully. C:\Users\user\AppData\Local\TempyEO244.html moved successfully. C:\Users\user\AppData\Local\TempyIU624.html moved successfully. C:\Users\user\AppData\Local\TempYKH600.html moved successfully. C:\Users\user\AppData\Local\TempYL2028.html moved successfully. C:\Users\user\AppData\Local\TempYlf824.html moved successfully. C:\Users\user\AppData\Local\TempYMx300.html moved successfully. C:\Users\user\AppData\Local\TempYS1640.html moved successfully. 
========== COMMANDS ==========

[EMPTYFLASH]

User: Default
User: Default User
User: Marta
User: Public
User: user
->Flash cache emptied: 1154 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marta
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 314843 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 43819091 bytes
->FireFox cache emptied: 73569335 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 415 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59349 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112,00 mb

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_083853

Files\Folders moved on Reboot...
File\Folder C:\Users\user\AppData\Local\Temp\~DF930.tmp not found!
File\Folder C:\Users\user\AppData\Local\Temp\~DF9D6.tmp not found!
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\sqlite_N4yeThYumYGXJN0 not found!

Registry entries deleted on Reboot...

New OTL.txt log:

OTL logfile created on: 2010-10-30 08:49:51 - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 1,50 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 26,70 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 467,54 Gb Free Space | 50,19% Space Free | Partition Type: NTFS

Computer Name: MARTITA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-30 08:45:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010-10-29 08:23:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 08:45:29 | 000,134,808 | ---- | M] (Google Inc.)
-- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010-03-09 08:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009-09-23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-02-07 00:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clcapsvc.exe
PRC - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clsched.exe
PRC - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\acer\acer arcade\kernel\clml_ntservice\clmlserver.exe
PRC - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006-12-01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (SafeList) ==========

MOD - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010-09-26 22:03:57 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-05-28 03:43:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-08-24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009-08-05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-05-14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2008-08-07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008-07-13 21:30:28 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\adeona\cygrunsrv.exe -- (AdeonaClientService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007-05-31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.)
[Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010-09-01 12:20:36 | 000,120,168 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-12-30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-08-05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007-02-07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007-02-07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007-02-07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-27 03:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006-12-19 12:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006-12-07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-01 07:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-10 08:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006-11-06 11:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006-11-06 09:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006-11-06 09:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006-11-02 15:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006-10-25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-10-25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006-10-23 05:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-10-18 05:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006-10-18 05:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006-10-18 05:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006-08-04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-12-21 15:44:13 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005-02-23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004-04-10 10:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://poczta.o2.pl/"
FF - prefs.js..extensions.enabledItems: zapiska@zapiska.pl:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-10 00:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 08:23:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 08:23:30 | 000,000,000 | ---D | M]

[2010-04-25 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010-10-29 21:42:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions
[2010-07-22 22:10:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-19 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\zapiska@zapiska.pl
[2010-10-17 21:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-10 17:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-10 17:06:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll [2010-09-18 09:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-09-18 09:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-09-18 09:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-09-18 09:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-09-18 09:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-09-18 09:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-10-29 22:15:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe 
(Realtek Semiconductor) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data] O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-03-07 
19:05:04 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-01-14 22:48:13 | 000,000,067 | ---- | M] () - E:\AUTORUN_.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-10-30 08:38:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010-10-29 23:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010-10-29 22:17:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010-10-29 22:09:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2010-10-29 21:48:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010-10-29 21:48:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010-10-29 21:48:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010-10-29 21:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-10-29 21:47:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010-10-29 21:05:37 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010-10-23 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\KoshyJohn.com [2010-10-20 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ściągnięcia MAGIX [2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\MAGIX [2010-10-17 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Xara [2010-10-17 21:11:31 | 000,000,000 | ---D | C] -- C:\Users\user\.bogfran [2010-10-17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hide Your IP Address [2010-10-16 22:30:33 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) 
-- C:\Windows\System32\HMIPCore.dll [2010-10-16 22:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010-10-16 21:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Temp [2010-10-16 21:08:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SlySoft [2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vso [2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\PcSetup [2010-10-14 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Garritan [2010-10-11 00:16:53 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll [2010-10-10 20:59:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{680651BD-F2C0-418E-81A1-6F3DEB958964} [2010-10-10 17:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-10-10 17:06:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010-10-06 23:30:16 | 000,022,872 | R--- | C] (Adobe Systems Inc.) 
-- C:\Windows\System32\AdobePDFUI.dll [2010-10-03 00:44:45 | 000,000,000 | ---D | C] -- C:\Windows\registration [2010-10-02 23:26:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2010-10-02 23:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2010-10-02 22:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2010-10-01 13:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2010-10-01 11:34:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010-10-01 11:33:52 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010-10-01 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SoftGrid Client [2010-10-01 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SoftGrid Client [2010-10-01 10:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client [2010-10-01 10:54:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TP [2008-09-25 23:57:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys [2005-12-21 15:47:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-10-30 08:43:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP [2010-10-30 08:42:35 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-10-30 08:42:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2010-10-30 08:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-10-30 08:40:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010-10-29 22:15:27 | 000,000,027 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts [2010-10-29 20:53:35 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010-10-28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe [2010-10-23 20:11:21 | 002,524,990 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-10-23 20:11:21 | 001,936,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-10-23 20:11:21 | 001,394,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-10-23 20:11:20 | 000,792,904 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-10-20 20:37:45 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2010-10-20 20:20:51 | 000,013,985 | ---- | M] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx [2010-10-20 08:45:53 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job [2010-10-19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010-10-18 08:28:41 | 001,141,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2010-10-16 22:09:52 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk [2010-10-16 21:19:11 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2010-10-16 21:07:27 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys [2010-10-16 21:07:27 | 000,007,887 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.cat [2010-10-16 21:07:27 | 000,001,144 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.inf [2010-10-14 12:45:49 | 006,892,224 | ---- | M] () -- C:\Users\user\Documents\_01754_mp3.zip [2010-10-14 10:10:37 | 000,157,260 | ---- | M] () -- C:\Users\user\Documents\bossa_nova.pdf [2010-10-11 00:16:16 | 000,001,024 | ---- | M] () -- C:\Users\user\.rnd [2010-10-10 20:59:28 | 000,034,704 | ---- | M] () -- C:\Windows\syscall.dat [2010-10-10 17:06:22 | 000,153,376 | ---- | M] (Sun 
Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010-10-10 17:06:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010-10-06 15:11:54 | 000,051,712 | ---- | M] () -- C:\Users\user\Documents\Señor elefante.doc [2010-10-06 11:29:35 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2010-10-04 11:15:01 | 000,202,752 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-10-03 23:07:29 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2010-10-03 23:07:29 | 000,000,008 | RHS- | M] () -- C:\Windows\System32\4AD3B3EC6F.sys [2010-10-01 17:45:10 | 000,012,690 | ---- | M] () -- C:\Users\user\Documents\Organizational telephone list1.xlsx [2010-10-01 12:30:33 | 000,038,585 | ---- | M] () -- C:\Users\user\Documents\Budżet.xlsx [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-10-29 21:48:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010-10-29 21:48:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010-10-29 21:48:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010-10-29 20:53:35 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010-10-20 20:37:45 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2010-10-20 08:45:53 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job [2010-10-18 21:42:47 | 000,013,985 | ---- | C] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx [2010-10-16 21:18:50 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2010-10-16 21:18:45 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk [2010-10-14 12:45:44 | 006,892,224 | ---- | C] () -- 
C:\Users\user\Documents\_01754_mp3.zip [2010-10-14 10:10:37 | 000,157,260 | ---- | C] () -- C:\Users\user\Documents\bossa_nova.pdf [2010-10-11 00:16:53 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB [2010-10-06 15:11:52 | 000,051,712 | ---- | C] () -- C:\Users\user\Documents\Señor elefante.doc [2010-10-03 23:07:29 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010-10-03 23:07:29 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4AD3B3EC6F.sys [2010-10-01 12:56:06 | 000,012,690 | ---- | C] () -- C:\Users\user\Documents\Organizational telephone list1.xlsx [2010-10-01 12:30:24 | 000,038,585 | ---- | C] () -- C:\Users\user\Documents\Budżet.xlsx [2010-08-27 23:29:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP [2010-08-18 21:41:51 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm [2010-08-15 16:44:40 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2010-06-14 23:35:41 | 000,000,042 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.pls [2010-06-09 00:55:47 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010-05-26 21:50:08 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010-04-24 09:11:35 | 000,000,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\YouChoob-Stats.xml [2010-03-24 22:15:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4AD3B3EC6F.sys [2010-03-24 22:15:40 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010-03-22 22:02:22 | 000,001,527 | ---- | C] () -- C:\Windows\System32\sk_bho.ini [2010-03-07 20:25:12 | 000,202,752 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-07 14:24:16 | 000,002,686 | ---- | C] () -- C:\Windows\TRNCOM.INI [2010-03-07 14:22:59 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI [2009-10-24 02:10:46 | 000,021,240 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll [2009-10-24 02:10:46 | 000,013,560 | ---- | C] () -- 
C:\Windows\System32\solidlocalui.dll [2009-10-11 18:51:57 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini [2009-09-20 15:03:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2009-08-22 20:52:35 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll [2009-08-22 20:52:31 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll [2009-08-22 20:52:29 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll [2009-08-22 20:52:29 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll [2009-08-22 20:52:01 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll [2009-08-21 22:44:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll [2009-08-21 22:44:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DetectDxQT.dll [2009-08-21 02:38:40 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-08-21 02:36:10 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll [2009-08-17 08:07:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-08-16 21:36:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009-06-12 23:07:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009-05-16 19:52:20 | 000,000,077 | ---- | C] () -- C:\Windows\adidsl.ini [2009-05-09 07:59:53 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2009-03-27 20:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI [2009-03-27 20:22:55 | 001,371,436 | R--- | C] () -- C:\Windows\System32\VBAR2132.DLL [2009-03-27 20:03:20 | 000,000,032 | ---- | C] () -- C:\Windows\barcode.ini [2009-02-01 21:34:52 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini [2009-01-14 00:48:02 | 000,000,028 | ---- | C] () -- C:\Users\user\AppData\Roaming\GRGames.ini [2008-12-17 13:33:49 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll [2008-10-04 13:43:43 | 000,000,148 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss [2008-10-04 
10:57:23 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008-09-25 23:57:31 | 000,081,920 | ---- | C] () -- C:\Users\user\AppData\Roaming\ezpinst.exe [2008-09-25 23:57:31 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat [2008-09-25 23:57:30 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf [2008-08-10 11:38:12 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI [2008-08-10 11:35:49 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2008-08-10 11:34:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008-08-10 11:33:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008-07-14 23:45:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008-07-14 19:48:56 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008-07-14 17:01:04 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2008-07-14 12:09:52 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2008-02-11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2007-02-06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007-02-06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007-02-06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007-02-06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007-02-06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007-02-06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006-11-03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005-12-22 00:49:42 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2005-12-21 22:43:09 | 000,000,101 | ---- | C] 
() -- C:\Windows\Alaunch.ini [2005-12-21 22:43:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2005-12-21 22:43:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005-12-21 22:42:01 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini [2005-12-21 15:58:04 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2005-12-21 15:58:04 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2005-12-21 15:57:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2005-12-21 15:47:55 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2005-12-21 15:37:46 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2004-12-20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2004-12-20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002-12-14 23:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\oggDS.dll [2002-12-14 23:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2002-12-14 23:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002-12-14 22:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2002-11-15 14:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll [2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000088.DLL [2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- 
C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010-06-07 01:11:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo [2010-08-18 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity [2010-04-29 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Auslogics [2010-04-25 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avsmedia [2010-08-28 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET [2010-10-10 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fighters [2010-06-28 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gadu-Gadu 10 [2010-10-14 10:11:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garritan [2010-10-09 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GHISLER [2010-06-09 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GlarySoft [2010-05-30 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KC Softwares [2010-10-23 21:44:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KoshyJohn.com [2010-10-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX [2010-06-01 14:51:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2010-10-23 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RayV [2010-10-16 21:08:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SlySoft [2010-09-15 01:15:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smart PC Solutions [2010-10-28 23:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client [2010-06-07 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland [2010-05-08 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony [2010-09-19 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall [2010-10-01 11:03:01 | 
000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP [2010-09-28 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems [2010-09-19 11:26:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue [2010-05-14 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VoipCheapCom [2010-10-16 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso [2010-05-29 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wsInspector [2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job [2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2010-09-17 00:57:54 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job [2010-09-16 23:45:32 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegCure.job [2010-10-30 08:40:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010-02-04 23:13:47 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-user-Startup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 358 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DDF13E9F @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
  18. Hello, a laptop with Vista HomeBasic 32 has been behaving strangely for some time. It would do nothing, hang, show the hourglass, and then a long silence while waiting for anything to happen. Besides that, it was impossible, for example, to update the system, because the system would not boot after a specific M$ update, KB968912, or after installing AVG AntiVirus Free 2011. Today it was not possible to install the new version of Skype (no administrator privileges, etc.). There were also problems in Adobe Acrobat 9 Pro and Office Home and Student 2010. It would shut down without saving changes,... Eset and MBAM saw nothing. CF removed something and it seems to run better now, i.e. at least it is not sluggish. Please give me final instructions/scripts on how to clean up further here.
      CF log: http://wklej.org/id/409395/
      ComboFix-quarantined-files log:
      2010-10-29 20:21:20 . 2010-10-29 20:21:20 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SWPROguard.reg.dat
      2010-10-29 20:08:19 . 2010-10-29 20:08:19 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpudriver.reg.dat
      2010-10-29 20:08:19 . 2010-10-29 20:08:19 1,112 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_cpudriver.reg.dat
      2010-10-29 20:04:39 . 2010-10-29 20:04:39 6,603 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
      2010-10-29 19:48:43 . 2010-10-29 19:52:00 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
      2010-10-16 19:18:44 . 2010-10-16 19:18:44 22,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temporary\cpu.sys.vir
      2010-10-16 19:07:24 . 2010-10-16 19:07:27 87,608 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\inst.exe.vir
      2008-08-05 07:37:20 . 2008-01-19 07:33:33 25,088 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir
      OTL.txt log: http://wklej.org/id/409396/
      OTL Extras log: http://wklej.org/id/409397/
      GMER log: unfortunately GMER hangs.
      Regards, Marek
  19. Basically the computer now runs much faster, almost normally. So the thread can probably be closed. But the Windows Search service is permanently disabled, and the Event Log still shows errors concerning this service and the performance counters. Finally, please take one more look at the final logs: OTL.TXT http://wklej.org/id/479650/txt/ OTL.EXTRA http://wklej.org/id/479651/txt/
  20. Picasso, I carried out all the instructions. The computer has clearly sped up. The Windows Search service, despite being stopped, became active again after a restart. The same errors showed up in OTL. Later I stopped it once more, restarted, and then only the "Start" option was visible next to it in services.msc. But I did not run the OTL scan again. Additionally: RegCleaner, Odkurzacz, Ashampoo Win Optimizer. I removed Eset for a moment. I will install it again later. ESET - indeed, after reinstalling there is a noticeable but slight slowdown of the system. Legal, downloaded from the vendor's site. The computer was recently defragmented with MyDefrag. But I will install PerfectDisk Pro11 shortly and run a full defragmentation. Here are the logs; please comment on what else can be done. OTL.TXT http://wklej.org/id/479652/txt/ OTL.EXTRAS http://wklej.org/id/479653/txt/ Boot Diagram_export http://wklej.org/id/542828/txt/ Can any of this be removed? screen_Windows Installer Clean Up
  21. Here is the log: Gmer.txt Gmer_screen mbr.log Defogger I checked, I have no virtual drives, but I did not clean up any possible leftovers (as recommended in the link). I only ran Defogger and SPTD. If needed, I will do that as well. SPTDinst found nothing. -- As recommended by Sality, I ask a mod to move the thread to the Security Section. =============================
  22. Hello, the computer opens applications slowly. Especially in the morning, when it is switched on for the first time after the night - an empty window of the given application appears, an hourglass, and you have to wait a few minutes until it kicks in. Please check the OTL logs and give instructions: OTL txt OTL Extras
  23. Fix IE Utility did not help. System Restore did not work, although there were a dozen or so restore points. Only the System File Checker and an XP disc helped. I have 14 screenshots with information about the installed IE add-ons. 2 ActiveX add-ons were damaged. Maybe I will upload them tomorrow if I have a moment (in case someone wants to write a doctorate on it). But overall it is OK now and the thread can be closed. Thank you for the help, DawidS28.
  24. OK DawidS28, I will do "Fix IE Utility" tomorrow when I am back at work. I already have the OTL logs ready, but for certain reasons I am sending them to you by private message only.
  25. Hello, this morning a colleague at work started a computer with XP and clicked the yellow system update icon. Probably since that event IE cannot be started normally. The start page shows for 1 second and disappears, without any message. After choosing the option "Start IE - without add-ons" it is OK, i.e. IE opens and works, but to a limited extent. I uninstalled IE, downloaded a new one from M$ and installed it, but nothing changed. I am attaching the log "Windows Update Log Report for the last 24 hours". We associate this failure with today's update, because on Friday everything was OK, but maybe we are wrong, because afterwards we uninstalled those updates and it changed nothing.