marcos777

Witam,

wykonując Windows Worms Doors Cleaner - wciąż wyskakuje taki komunikat jak w załączniku - nie można zamknąć Messengera.

Od zawsze. Laptop Vista HE 32.

Jest na to jakaś rada?

Microsoft Security Bulletin MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

OTL.txt

OTL.Extras

Pożyjemy, zobaczymy. Dam znać, jak się coś znów wysypie.

Odkurzany był w środku niedawno, przy okazji naprawy wyjścia słuchawkowego, ale pastę termoprzewodzącą muszę dopiero kupić.

Dzięki

Aha, a co z GMERem i pozostałymi logami z 1. postu?

Pastę wymieniałem ~ 1-1,5 rok temu przy okazji czyszczenia wnętrza. Wentylator bardzo głośno pracował, tak był zabrudzony i zatarty.

Lapcio dopiero niedawno się zaczął wyłączać.

Teraz jak go podniosłem na specjalnych podstawkach w górę, by miał lepsze chłodzenie od spodu, to czuję, że ma dużo zimniejszą obudowę.

Kolego zrób skan swojego dysku jak wygląda jego powierzchnia i SMART wrzuć logi.

Proszę:

EVEREST - pełny raport

CPUID HWMONITOR - raport

CPUID SMBUS - raport

MHDD SMART

Nie zamieszczam pełnych opisów, tylko numer ID i wartości.

A pełne "Attribute name" są tutaj diagnostyka SMART w Wikipedii

wraz z opisem i TUTAJ.

Raport MHDD + SMART

Udało się, oto log Gmer

Kolego, a sprawdzałeś czy ten laptop się nie przegrzewa, bo to jest częsta przyczyna wyłączania się takich sprzętów, zapchany od kurzu wentylator. Robi się taka powłoczka która uniemożliwia odprowadzanie ciepła.

Kiedyś go rozbierałem i czyściłem wszystko w środku oraz dołożyłem pasty pod procesor.

Faktycznie by strasznie zakurzony, powodowało to, że wentylator chodził baaardzo głośno.

Teraz jest cichy, temp. osiągi, itp ...

EVEREST

Podniosłem lapcia przed chwilą na specjalnych podstawkach w górę, by miał lepsze chłodzenie od spodu.

Co do tego warna:

 

View Postmarcos777, on 05-02-2011 - 15:23, said:

Wyskakuje też czasem komunikat:

 

program Proces hosta systemu Windows (Rundll32) przestał działać

 

System podpowiada, że można zmieniać ustawienia w DEP, jeśli problem z Rundll32: DEP

 

- to ogranicz funkcję DEP tylko dla komponentów Windows http://www.vistax64....f-programs.html

- Ok, zrobiłem to - ustawiłem DEP:

tylko dla istotnych programów i usług Windows.

A było ustawione:

...DEP .... dla wszystkich, oprócz: CToolbar.exe i WindowsMovieMaker.

----------------

Vista w Panel sterowania / Informacje wydajności i narzędzia / Raporty i rozwiązywanie problemów zgłasza błędy na HDD:

 

Troubleshoot a problem with a hard disk drive

Windows was temporarily unable to read your hard disk drive. We don't know the exact cause of the problem. In most cases, this type of condition is momentary and doesn't indicate a serious problem, but sometimes it means that a hard disk is failing.

 

Common causes of this problem

 

Aging or failing hard disks. To prevent file corruption and data loss, we recommend that you back up all of your important files and folders immediately. See step 1 in the section below for more information.

 

Large file transfers from secondary media, such as an external hard drive, to a local hard drive.

 

Loss of power to a hard disk drive that causes inconsistent data sectors.

 

Hard disk-intensive processes such as antivirus scanners.

 

Recently installed hardware that might have compatibility and performance problems.

 

Before you begin the troubleshooting steps below, we recommend backing up the files and folders on your computer.

 

Back up your files and folders to prevent data loss

 

Click to open Backup and Restore Center

 

Note

The Backup and Restore Center is not included in Windows Vista Starter Edition.

 

Click Back up files, and then follow the steps in the wizard. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

 

Note

You should back up your files and folders on a regular basis to protect your data from unexpected hardware problems. Also, when creating backups, it is helpful to use a portable storage device, such as an external hard disk, as the drive you save backups on. This is preferable to storing backups on a local, internal hard disk because it keeps this important recovery data separate from your computer.

 

The following steps can help identify whether the cause of the problem is temporary or whether it is a more serious problem with your hard disk. Try the steps in the order given. If one step doesn't solve the problem, then move on to the next one.

 

Restart your computer

 

Make sure that the problem is not just a temporary one by restarting your computer and repeating what you were doing when the error occurred. If the error persists, try the next step.

 

Install the latest updates for your computer

 

If the error occurred shortly after adding a new hardware device, the device or its driver might be causing the problem. First, install the latest updates on your computer (including hardware updates).

 

How do I download and install the latest updates for my computer?

 

Use Windows Update to check for and install updates:

Click to go online to the Windows Update website

 

In the left pane, click the Check for updates link, and then click View available updates.

 

What if I don't see any available updates?

 

If you see You receive updates: Managed by your system administrator, you can try clicking the link to Check online for updates from Microsoft Update or Check online for updates from Windows Update, but you might need to contact your system administrator to obtain the desired updates.

 

If you don't see the message above and no updates are available in Windows Update, after you click the Check for Updates link in the left pane, then the available updates have already been installed.

 

Select all Important and Recommended updates.

 

Select the Optional updates you want, and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

 

If you recently added a new hardware device to your computer, go online to the manufacturer's website to see if a driver update is available.

 

How do I find my computer manufacturer?

 

Click the Start button , type msinfo32 in the Search box, and then press ENTER. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.

 

Click to go online to see contact information for most computer manufacturers

If you recently added a new program to your computer, go online to the manufacturer's website to see if an update is available.

 

If this does not solve the problem, then remove the hardware device and check to see if the problem goes away.

 

Run the disk error-checking tool

 

You can help solve some computer problems and improve the performance of your computer by making sure that your hard disk has no errors.

 

Click the Start button , and then click Computer.

 

Right-click the hard disk drive that you want to check, and then click Properties.

 

Click the Tools tab, and then, under Error-checking, click Check Now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

 

To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors. Otherwise, the disk check will report problems but not fix them.

 

To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.

 

To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.

 

Click Start.

 

Depending upon the size of your hard disk, this might take several minutes or longer. For best results, don't use your computer for any other tasks while it's checking for errors.

 

Note

If you select Automatically fix file system errors for a disk that is in use (for example, the partition that contains Windows), you'll be prompted to reschedule the disk check for the next time you restart your computer.

 

Have your disk drive cables checked

 

If the previous steps did not solve the problem, have your computer checked for faulty or unplugged hard disk cables and connectors. We suggest contacting your computer manufacturer for troubleshooting and repair recommendations.

 

How do I find my computer manufacturer?

 

Click the Start button , type msinfo32 in the Search box, and then press ENTER. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.

 

Click to go online to see contact information for most computer manufacturers

 

Coś tego wykonać?

oraz

Address a problem with Mozilla Firefox plugin-container

Mozilla Firefox plugin-container has stopped working properly.

 

For information about possible solutions to this problem, go online to the following Knowledge Base (KB) article:

klik

 

Witam,

od jakiegoś czasu bardzo często laptop (Vista HE 32) po prostu sam się wyłącza podczas pracy z dokumentami, zdjęciami lub innymi programami.

Wyskakuje też czasem komunikat: "Proces hosta systemu Windows (Rundll32) przestał działać"

System podpowiada, że można zmieniać ustawienia w DEP, jeśli problem z Rundll32: DEP

Zamieszczam logi:

OTL.TXT

OTL.EXTRAS

GMER: ... (skanuje się jeszcze)

DrWeb

Ad-REMOVER

Findykill

TDSS

Proszę o instrukcje.

-----

Właśnie przed chwilą - w trakcie skanowania Gmer, znów sam się laptop wyłączył, ale tym razem pojawił się też niebieski ekran.

Niestety nie zdążyłem podejść, by zapisać numer błędu.

Skanuję Gmerem od nowa....

- Przeskanowałem kompa programem Exterminate It! - nie znalazł jednak żadnej infekcji związanej z NOD1.tmp (ale wszystkie pliki NODxxx.tmp usunąłem wcześniej ręcznie).

- W ESET - ustawienie parametrów technologii ThreatSense odhaczyłem: "Uruchom skanowania w tle z niskim priorytetem"

- Zrobiłem jeszcze optymalizację systemu, defrag rejestru, itp.

W tej chwili laptop i internet chodzą już normalnie. Bardzo dziękuję wszystkim za pomoc. Odezwę się, jak znów zaleją mnie te tempy z NODa i spowolni neta.

Pozdrawiam

Wszystko wykonane, co poleciliście Panowie.

Oraz Ccleaner, DiskMax.

Nie wiem co robić z tymi Nod****.tmp ?

Po wczorajszym usunięciu tych plików, komp trochę przyśpieszył.

pozdrawiam.

Marek

Witam,

internet zamulony, wolno otwierają się strony poczty, nie ładują się filmy na YT, itp.

Co jakiś czas w katalogu Windows \ Temp tworzy się olbrzymia ilość plików o nazwach typu NODXXX.tmp. Dziś 65 000, kiedyś 120 000 sztuk.

Usuwam je, ale tworzą się znów po jakimś czasie.

Skasowanie zawartość katalogu C:\Windows\Temp.

Pozdrawiam,

Extras.Txt

OTL.Txt

Witam picasso, przepraszam za opóźnienie - wyjechałem, więc dopiero teraz kilka wyjaśnień:

- strasznie mulił, tzn. np. długo się otwierały strony FF, wolno się przewijały www, pomału otwierała się poczta, wpisując nazwę użytkownika poczty w FF -

po wpisaniu nazwy czy hasła, było widać tylko 1 znak, po kilkunastu sekundach dopiero się pojawiała reszta, długie oczekiwanie na reakcję,

Po restarcie ikony pulpitu dłuuugo są białe, potem po długim czasie, po kolei zmieniają się na normalne.

- dźwięki systemowe z echem (powtórzenia) i z pogłosem

- Trojan Remover znalazł kilka trojanów i usunął (potem podam nazwy i lokalizacje, jak wrócę do domu)

- chciałem zrobić tylko OTL i Gmera, ale OTL.exe nie działał, tzn. po zapuszczeniu rozpoczynał skanowanie i nie kończył pracy.Chwilę poskanował, wyświetla: Processing (deleteself) i nic więcej się nie dzieje.

Dopiero OTL.SCR zadziałał.

- GMER pobierany z różnych lokalizacji/nazw ruszał i stawał kilka razy. Zawsze na C:\Windows\System32\Drivers\.... np. easdrv.sys.

Jak zmieniłem na próbę nazwę na esadrv.sy_ skanowanie poszło dalej, ale stanęło na videopart.sys.

Znów zmieniłem kolejną nazwę, ... poszło dalej i stanęło na eaps2kbd.sys. Itd.

I tak może stać kilka godzin na danym sterowniku.

- myślałem, że Combofix sobie poradzi.

Ale i on tylko rozpoczynał skanowanie, tworzył nawet PPS, pokazywało się okno, że Skanowanie w poszukiwaniu zainfekowanych plików... i potrwa ok. 10 minut itp. i koniec. Stoi, nic nie robi.

Nie było już info o zablokowanym zegarze i ukończonych etapach.

- w trybie awaryjnym to samo się dzieje, nie da się przeskanować kompa OTL, Gmerem, CF.

- Avengera odpaliłem, bo nie wpisując skryptu i tak wykonuje skanowanie i jak coś znajdzie to może usunąć.

- w Autoruns pousuwałem w SRV i DRV "File not found" - było takich więcej niż w wykazie.

- proszę o więcej info na temat: "Wejdź w Dziennik i przeklej z właściwości błędu dokładną formułę".

- Magix i Ashampoo powyłączałem w Uruchamianiu

- chętnie zrobiłbym sfc /scannow, ale nie wiem czemu nie czyta napęd CD. Da się to zrobić z pendriva lub z HDD?

Pozdrawiam,

Witam,

laptop muli. XP HE SP3.

Proszę o pomoc w analizie logów:

OTL.txt

OTL.Extras

RSIT.info

RSIT.log

AVENGER.log

RKILL.log

Combofix i Gmer rozpoczynają, ale nie kończą pracy.

W rejestrze mam jeszcze pozostałości do usunięcia: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd

Pozdrawiam,

BitDefender_QScan

Ok. W takim razie ten wątek myślę, że jest do zamknięcia. Dzięki Landuss za pomoc.

Problem WMP11 poruszę w innym dziale.

A na koniec, z tym coś zrobimy: Log

....dziś przeskanowałem lapcia programem Bootkit Remover. 

Chciałbym Cię prosić o instrukcję co z tym np. zrobić:

Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    111 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1112) : 
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) : 
.\boot_cleaner.cpp(1151) : Done;

Dysk C: ma teraz brak PPS, choć tak jak pozostałe dyski miał wcześniej zrobiony przez CF o godz. 14:22.

Komunikaty dalej się pojawiają ...0x80070032.

================================

Zrobiłem scan Combofix i znów mam wszystkie PunktyPS (przez niego stworzone).

Log CF

Na koniec chciałem OTL posprzątać, ale nie da się żadnego pliku ściągnąć, bo wyskakuje komunikat:

Plik C:\Users\user\AppData\Local\Temp nie może zostać zapisany, ponieważ nie można zmienić zawartości tego folderu.

Należy zmienić właściwości folderu, a następnie spróbować ponownie lub wybrać inny folder docelowy.

--

Na szczęście po restarcie kompa już się ściągają/zapisują pliki.

===================================

Landuss,

dziś przeskanowałem lapcia programem Bootkit Remover log.

Chciałbym Cię prosić o instrukcję co z tym np. zrobić:

 Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    111 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1112) : 
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) : 
.\boot_cleaner.cpp(1151) : Done;

Log USBfix

znalazł m.in. w C:\Users\user\AppData\Local\Temp\pv.exe - to wg Virus Total - trojan Spyware.Bancos.73728

Po prostu go usunąłem, ale nie wiem, czy gdzieś nie trzeba jeszcze poszukać jego pozostałości?

I co z tym?:

 ################## | Files # Infected Folders |


Found ! F:\AUTORUN_.INF
Found ! G:\AUTORUN_.INF

################## | Registry |

Found ! HKCU\Software\MediaSolaris
Found ! HKCU\Software\TurboNet
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

-

Zrobiłem tak: po prostu opcja Deletion w USBFix i usunęło:

################## | Files # Infected Folders |

Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Deleted ! E:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Not deleted ! F:\AUTORUN_.INF
Not deleted ! G:\AUTORUN_.INF

################## | Registry |

Deleted ! HKCU\Software\MediaSolaris
Deleted ! HKCU\Software\TurboNet
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Aktualny log z USBfix tak wygląda:

############################## | UsbFix 7.034 | [Research]

User: user (Administrator) # MARTITA [Acer Aspire 3690]
Updated 25/10/10 by El Desaparecido / C_XX
Started at 13:54:26 | 31/10/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz
Microsoft® Windows Vista™ Home Basic  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18943

Windows Firewall: Enabled
RAM -> 2037 Mb 
C:\ (%systemdrive%) -> Fixed drive # 52 Gb (2 Mb free - 5%) [ACER] # NTFS
D:\ -> Fixed drive # 52 Gb (27 Mb free - 51%) [DATA] # NTFS
E:\ -> Fixed drive # 932 Gb (468 Mb free - 50%) [Free Agent Drive_z e w n ę trzny] # NTFS
F:\ -> Removable drive # 4 Gb (900 Mb free - 24%) [uSB_4 GB] # FAT32
G:\ -> Removable drive # 7 Gb (2 Mb free - 24%) [] # FAT32
P:\ -> CD-ROM

################## | Files # Infected Folders |


Found ! F:\AUTORUN_.INF
Found ! G:\AUTORUN_.INF

################## | Registry |


################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\AUTORUN_.INF -> Folder created by Flash_Disinfector (sUBs)
F:\Autorun.inf -> Folder created by Panda USB Vaccine
G:\AUTORUN_.INF -> Folder created by Flash_Disinfector (sUBs)
G:\Autorun.inf -> Folder created by Panda USB Vaccine

################## | E.O.F |

Chciałbym jeszcze usunąć katalogi utworzone przez Flash Disinfector, a zabezpieczyć dyski przez UsbFix.

Na razie nie udaje mi się to.

AD-REMOVER usunął jeszcze klucze ToolBar w rejestrze:

======= REPORT FROM AD-REMOVER 2.0.0.2,B | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 25/10/10 at 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:15:09 on 31/10/2010, Normal boot

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) 
user@MARTITA (Acer Aspire 3690) 

============== ACTION(S) ==============



(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin
Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
Key deleted: HKCU\Software\AppDataLow\AskBarDis


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.12 (pl)] **

========================================

** Internet Explorer Version [8.0.6001.18943] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 31/10/2010 (2301 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 31/10/2010 (2467 Byte(s)) 

End at: 14:17:11, 31/10/2010 

============== E.O.F ============== 

A tu jest coś do zrobienia:

Log FindyKill ?

Sprawdziłem, jest: Uruchomiono - Automatyczny - System lokalny.

Wyeksportowałem całą listę usług.

OTL posprzątał.

A wreszcie udało się uzyskać Log GMER

Dziękuję Ci Landuss za pomoc, komp wyraźnie przyśpieszył.

Mam jeszcze kilka pytań, ale o to już chyba w innym dziale zapytam.

- Co do punktów przywracania systemu - udało się skasować stare, ale nowe się nie chcą utworzyć.

Jest komunikat:

Nie można utworzyć zaplanowanego zadania z następującej przyczyny:
Żądanie nie jest obsługiwane. 0x80070032    

Pasowałoby PPS mieć w zapasie, bo czasem system nie wstaje po aktualizacji lub instalacji jakiegoś programu.

Myślę, że jak odpalę ComboFixa to on na siłę zrobi sam Punkt Przywracania Systemu. Co myślisz?

- I jeszcze mam problem z Windows Media Player.

Wersja 11 jest zepsuta, nowa się nie instaluje, bo mówi, że jest nowsza na komputerze, odinstalować nie można, itp. itd.

========================

Udało się - ComboFix utworzył PPSystemu.

Ale i tak przy sprawdzeniu czy jest - we właściwościach systemu, choć jest dla wszystkich dysków, wyskakuje komunikat

Nie można utworzyć zaplanowanego zadania z następującej przyczyny:

Żądanie nie jest obsługiwane. 0x80070032    

Ostatnie logi kontrolnie, proszę o rzut okiem:

Log CF

Log OTL.txt

Log OTL.Extras

Nowy log OTL. EXTRAS:

OTL Extras logfile created on: 2010-10-30 08:49:51 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 1,50 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 26,70 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 467,54 Gb Free Space | 50,19% Space Free | Partition Type: NTFS

Computer Name: MARTITA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C6D46D-D477-43BB-BF54-150FF66DCC93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F8135AB-7428-4775-9578-2C7DF4046930}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{19B9C72F-7D5B-4B34-86FC-5A29423764C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B83F24F-1D53-486F-B53B-56168CBFA4A6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{24C5B76B-0C35-41B4-AD87-09DBC3CBA205}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{39CE35B1-4621-47F7-A4F2-9154FD986B01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DD887CD-F8ED-4B29-B82A-4495D4B07C5D}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{4A8507F5-CBEE-4913-A605-1F9FB5E8B2F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{52C41AE3-E390-4301-991D-CCFC42894DCC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5709E341-6FBC-48A2-A563-79A557E5C1A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5CD0A027-C065-41CC-A894-A5AB32DB36DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6F5C8EA4-D5CB-4C51-A108-CC61C50EC8D8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{70196BDB-027E-4A91-8BCE-A925F242B210}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{76E00097-F9FC-4862-A8B3-D1D0F4B728DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{7AD7C22B-E7AF-4123-BDE2-EE2A0D646DBA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{903DBF7E-B796-4B5C-89BA-4A9365BD9DDF}" = lport=49157 | protocol=6 | dir=in | name=akamai netsession interface | 
"{9CE9CC64-2751-4BDC-9DD6-CAD27B725AD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AD6CC92B-BA6B-4D92-852A-9B2F81D6C8AD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{B24E5DB3-2A60-4365-8352-0A3C536D2B2A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B418B0AA-7004-471A-9EF3-BB69C81DF00D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C49673F0-879E-49A0-9978-15D1471A33B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{CD07411D-36CB-4A48-9183-E3FFAB1DCF32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{D775CE37-6712-4552-BF3F-4D9C2F580988}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{E74FE4C6-1C8D-454B-86FD-931C5E69112A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E98F4C10-C726-44E7-B357-0F34A0EAB777}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{F4DBE0D0-1353-4433-B14C-3B6A0F5AA9A5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228917A-603F-4FC1-8DD7-B70BEDA0953F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{077797B2-4BBB-4C99-87F9-F09F92011056}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0E05028D-2E04-4E96-AA61-725617F50C43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0E4367B2-A10B-4637-911C-34B1CABAC935}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all lite 4\backup4all.exe | 
"{10615128-173B-4D99-9F95-D01FF2DFCAF3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{162815AD-4AF8-44D8-9B7E-47693B12B31B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18DEFBDA-EB37-4E92-AFED-512C43B73F51}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1B7E2137-8B53-49EE-9B13-F30AD2DFE602}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{215A7A7C-5C87-4079-87EA-BE5642297423}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2CF0477A-0431-4CEE-8D5A-A649DD223B5A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2ECEF20E-30AB-4456-94CB-F86A8A7F45AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F31A084-7920-4FE3-B92C-4D966FA244BC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{313CE42A-8BB5-481A-B02C-82C1ABC2213A}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{34E53280-380C-4314-BE08-842404692132}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3593BB9C-05B8-4D91-B8F1-2DDEA80769DF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{47509D00-21F6-4ADE-B34E-016DBD33A2E4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4879DD47-ADE0-4221-88FF-1D36C420A004}" = protocol=6 | dir=out | app=system | 
"{4B21EA03-10F7-41A9-8886-65BBD4DB8A1A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{544E5B9A-517F-4CA7-A503-9B29607E31B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5E5E1214-D733-4861-8E4D-4FD2B1D40401}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FBE3749-FB79-40F9-8134-5DBF85393EB6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6B93B5DA-16C4-48BB-9315-A3B64BB7A810}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72DDCD60-73E5-48AD-986E-DD7A505B854C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76302665-013E-4341-A5E8-BFB60F4EB0C8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{7657D7D1-3832-482E-800B-85E341D47D49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{78212859-1D07-464F-807D-2FD6DA666A63}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7C8C8E4F-1A0A-4BD7-9584-1D293BCD2CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8379E621-F6A0-4B0A-89C7-458C77CC15B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{893B6657-02FD-47FE-883A-913738C44DE6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C35CDC7-7034-4B72-BE25-5DB72D5610A4}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all lite 4\backup4all.exe | 
"{8D1AFFB4-BDBE-4AC9-A826-6C38BEE6C5DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9DAC78C6-6B38-48CC-B009-AA3AAB0F7FE1}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{9F80B5B2-656D-476A-8688-88EBEB6FDBE0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A2CDDD16-6158-40B6-BA4A-A5709B3EEEEB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A34E4305-47FC-4E3B-9688-803D70C15B0B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A44486E7-4070-4216-A55E-87E8FBF5A6DD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4BBFFFE-E906-4512-85DF-3FCD49EE9025}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A898D132-53BA-449B-BFFC-1E6D3EF5EC7F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC0DAB0B-2073-4778-9289-7C3F96DF5C87}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ACF95EAA-4C13-4F01-B351-9C688D7F4D64}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B8ADF34F-129D-41C1-981C-40D19D09A9B8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF7EBE97-A708-4B8E-86AC-B690715F83D6}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all lite 4\b4acmd.exe | 
"{BFD54131-C3C2-4EB2-AC0C-5BE3555B530E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C52DB4F5-553A-4544-9E55-FA78A384BF94}" = protocol=6 | dir=out | app=system | 
"{C5638B67-AB16-4EFE-B465-4E4CDF2933A3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C59B196A-4515-4575-B5CC-1B1D16DDBD41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C902014E-3701-4F8E-9379-35E9A4D8ADBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE7FFD8E-5E4C-4757-B58E-F02709BC42F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D3E0C834-2A75-425C-B80F-647FD7A9C987}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D5219AF5-CA59-469D-8828-845EDC60BCC4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D895F6D8-A206-4013-866C-CD25A04457E8}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all lite 4\b4acmd.exe | 
"{DCAE2AB3-9A4B-4D16-BD61-E9DC9A613504}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DCD1A0FC-B9DD-4A86-A1B6-6667D75874EB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E09B61F5-B4C4-48AC-A26F-9CA47FDC2C29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1E14113-40BF-44F2-A258-1053944A0161}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1EC2C53-637A-475F-A5D4-1208ED9B376A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EAC57ABB-1526-41E7-8512-89077C908A7E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EFEB4407-39CF-46AE-B5BA-C5CC850652F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F216BD0D-6ED3-46AE-8556-2B41F8FBA2A2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{3606E7C6-2DE9-4351-8E60-DC8F4C50FD04}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{549F0802-99E0-43C8-A159-AC579B69B24D}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"TCP Query User{57ECF9E4-2247-4CF0-B931-958E3ADD4ABE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{6B20DBDE-9F99-4144-8FBF-18B0CD342989}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7B96E201-3928-420D-9C19-F70F41DD87DB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"TCP Query User{83DC2FC4-ADA4-4FAA-81FB-E425FD5BA47E}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{A38B39C9-B9F4-4F79-93A9-AC834365F782}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{B5D831ED-44BE-4A23-A207-1BEDA4832D03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DEE9AD7E-3206-4864-A627-30F17BF6876A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E6066F5A-A996-4C7D-9E7A-F16469C3A9EB}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{E8429323-991A-408C-ABA7-0394F4360865}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{279690C6-5C8F-42BA-AFE7-E1351DBF4865}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{50D37BAD-90A8-4A51-8852-409AD9863491}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{757C4176-C617-40BE-93F8-9479C76C5B52}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{866D0016-F182-4AE5-8423-2C8F01DCB8E0}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{86D74EAF-2501-4921-87BD-F95E834A6835}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{925CFF97-6095-4540-A4D8-D7B7639FB24D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C986D21C-CD6D-4292-8CD0-F4ABD13E9FC3}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"UDP Query User{CC7E7745-0A55-4C4C-9762-3A8DA563CCA7}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{DCA95CE6-8289-4487-AF0E-D1219464E68C}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{F0B65935-835C-41DE-AC67-766DC4D6AF44}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F3EABA80-3DAF-43A1-80B9-3302E237A48B}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Asystent rejestrowania za pomocą identyfikatora Windows Live
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2496C4C6-A617-4646-B264-ECF60457B184}" = MAGIX FotoStory na CD & DVD 9 Download Version
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30233C19-872D-4412-9050-7DC263824A96}" = RealSpeak Solo 4.0 SAPI5 Polish Agata
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E2D9049-CB69-11D2-94EC-00A0C90683DA}" = VBA (2720)
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5DB62162-439D-4A2D-A0D8-1EBF190FDCDC}_is1" = AnyFound Photo Recovery Free Edition 1.1
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{90140011-0061-0415-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Polski
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}" = Radmin Viewer 3.4
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F31961E-9536-4D0C-A0B0-BBEB25636A84}" = Backup4all Lite 4
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FEF4EA5-025F-4D8B-9376-680CA8E77C9C}" = Delete FXP Files 2009 - Demo
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5120A5B-DB40-4E1E-9392-3D5BC1E4CB24}" = MAGIX 3D Maker (embedded MSI)
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.4 - Polish
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF4E1FE8-0B0C-4E9F-B9C8-8E5FB5A814D9}" = INTERsoft-Menadżer licencji
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}" = OpenOffice.org 3.2
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7C05692-5AD3-4032-A1C8-7CBAECD52EB3}" = Polish language for ABBYY FineReader 8.0 Professional Edition
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam 
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E62C6691-52B3-44B5-B9B0-4C73237D8F0A}" = MAGIX Screenshare
"{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C1383A-4925-426C-88A6-E384E007DD24}" = FixMyRegistry
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD552BF9-FAE3-48FA-ADC9-18E455E03FEC}" = MAGIX Speed 2 (MSI)
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AntiLogger" = AntiLogger
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"AviSynth" = AviSynth 2.5
"AviTricks Classic_is1" = AviTricks Classic version 1.65
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BusinessCardsMX3_is1" = BusinessCardsMX 3.96
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"De BOLSILLO_is1" = De BOLSILLO v 1.0
"Delete FXP Files 2009 - Demo" = Delete FXP Files 2009 - Demo
"DiskMax" = DiskMax 4.40
"ETRemover" = ETRemover
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"EvilLyrics" = EvilLyrics
"Expressivo" = Expressivo
"FileASSASSIN" = FileASSASSIN
"Finale 2007" = Finale 2007
"Finale 2009" = Finale 2009
"Finale 2010" = Finale 2010
"Finale Allegro 2007" = Finale Allegro 2007
"Finale NotePad 2008" = Finale NotePad 2008
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"Finale SongWriter 2010" = Finale SongWriter 2010
"Fix My Registry_is1" = Fix My Registry v3.0
"FixMyRegistry" = FixMyRegistry
"Gadu-Gadu 10" = Gadu-Gadu 10
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GMailFS" = GMail Drive Shell Extension
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard
"InstallShield_{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"ipla" = ipla 2.1.1
"IVO Glossary" = IVO Glossary
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"JDownloader" = JDownloader
"KC Softwares SUMo_is1" = KC Softwares SUMo
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Standard)
"Kurs Masazu_is1" = Kurs Masazu
"LManager" = Launch Manager
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Movie Edit Pro 15 Plus Download version UK" = MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
"MAGIX Movie Edit Pro silver UK" = MAGIX Movie Edit Pro silver 8.6.0.17 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"MAGIX_MSI_Fotos_auf_CD_DVD_9" = MAGIX FotoStory na CD & DVD 9 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyDefrag v4.2.5_is1" = MyDefrag v4.2.5
"Nice PDF Compressor_is1" = Nice PDF Compressor 2.0
"novaPDF Lite Desktop 7 printer_is1" = novaPDF Lite Desktop 7.0 printer
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"Photo Resize Magic" = Photo Resize Magic 1.1
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"Profesor Pedro - Słownictwo_is1" = Profesor Pedro - Słownictwo
"RayV" = RayV
"RealAlt_is1" = Real Alternative 1.9.0
"RealDraw Pro_is1" = RealDraw Pro v4.0.17.1
"Recover My Files_is1" = Recover My Files
"Recuva" = Recuva
"RegCure" = RegCure
"Sakura" = Sakura
"Sawer" = Sawer
"SLD Codec Pack" = SLD Codec Pack
"SLOW-PCfighter" = SLOW-PCfighter
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Closer_is1" = System Closer 1.0.0.13
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Unlocker" = Unlocker 1.8.9
"Virtual Piano_is1" = Virtual Piano 3.0
"VLC media player" = VLC media player 0.9.8a
"VoipCheapCom_is1" = VoipCheapCom
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinMend Disk Cleaner_is1" = WinMend Disk Cleaner 1.4.4
"WinMend History Cleaner_is1" = WinMend History Cleaner 1.3.5
"WinMend Registry Cleaner_is1" = WinMend Registry Cleaner 1.5.6
"WinMend System Doctor_is1" = WinMend System Doctor 1.5.4

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BogFran Designer" = BogFran Designer
"EspTrans" = Tłumacz i Słownik Języka Hiszpańskiego

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-10-29 17:38:51 | Computer Name = Martita | Source = Perflib | ID = 1010
Description = 

Error - 2010-10-30 01:58:34 | Computer Name = Martita | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura
czasowa 0x4cbda469, moduł powodujący błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura
czasowa 0x4cbda469, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000c551,  identyfikator
procesu 0xcf4, godzina rozpoczęcia aplikacji 0x01cb77f6dcbda547.

[ System Events ]
Error - 2010-10-30 01:33:51 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description = 

Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description = 

Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = LSM | ID = 1048
Description = 

Error - 2010-10-30 01:35:01 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description = 

Error - 2010-10-30 02:41:16 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-10-30 02:41:33 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-10-30 02:43:04 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description = 

Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description = 

Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = LSM | ID = 1048
Description = 

Error - 2010-10-30 02:44:31 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description = 


< End of report >

Zrobić już Sprzątanie w OTL, by usunąć Qoobox/CF i OTL?

Log RootRepeal:

 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/10/30 09:41
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90BB9000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90BAE000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB27DF000	Size: 49152	File Visible: No	Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1200	Status: Locked to the Windows API!

SSDT
-------------------
#: 072	Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860152d6

#: 073	Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860154c8

#: 334	Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x86014f44

#: 383	Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860156d0

==EOF==

i jeszcze

09:41:05: Unrecognized partition type 6 (0x6)!
09:41:13: Could not read system registry! Please contact the author!

Gmer kilka razy się wyłączał w trakcie pracy.

Aktualnie robi się po raz kolejny (na razie działa) i czekam na loga, którego wkleję.

Zaraz też mogę wykonć skanowanie RootRepeal.

==============================

Teraz wykonałem skrypt OTL.

Oto log z usuwania OTL:

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File C:\Windows\System32\DRIVERS\UIUSYS.SYS not found.
Service cpu stopped successfully!
Service cpu deleted successfully!
File C:\cpu.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys not found.
Service AVFSFilter stopped successfully!
Service AVFSFilter deleted successfully!
File C:\Windows\System32\DRIVERS\avfsfilter.sys not found.
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\r6yd7ja3.default\searchplugins\winamp-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\Tasks\{940150C4-A3ED-4CF4-A613-A6AD96D7230B}.job moved successfully.
C:\Windows\Tasks\{C555EFEE-A6D4-45C3-907B-45CB5D4BC69E}.job moved successfully.
========== FILES ==========
C:\Users\user\AppData\Local\TempAB1224.html moved successfully.
C:\Users\user\AppData\Local\TempAc1836.html moved successfully.
C:\Users\user\AppData\Local\TempaH3848.html moved successfully.
C:\Users\user\AppData\Local\Tempal1312.html moved successfully.
C:\Users\user\AppData\Local\Tempal1632.html moved successfully.
C:\Users\user\AppData\Local\TempAM1208.html moved successfully.
C:\Users\user\AppData\Local\TempANl492.html moved successfully.
C:\Users\user\AppData\Local\TempaNT552.html moved successfully.
C:\Users\user\AppData\Local\TempaP1888.html moved successfully.
C:\Users\user\AppData\Local\TempAvH452.html moved successfully.
C:\Users\user\AppData\Local\Tempbf3848.html moved successfully.
C:\Users\user\AppData\Local\TempBic552.html moved successfully.
C:\Users\user\AppData\Local\Tempbj2028.html moved successfully.
C:\Users\user\AppData\Local\TempbLT288.html moved successfully.
C:\Users\user\AppData\Local\TempBMd520.html moved successfully.
C:\Users\user\AppData\Local\TempBnL300.html moved successfully.
C:\Users\user\AppData\Local\Tempbp1640.html moved successfully.
C:\Users\user\AppData\Local\TempbQ1312.html moved successfully.
C:\Users\user\AppData\Local\TempbR1972.html moved successfully.
C:\Users\user\AppData\Local\Tempbrp328.html moved successfully.
C:\Users\user\AppData\Local\TempBt2032.html moved successfully.
C:\Users\user\AppData\Local\Tempbu4392.html moved successfully.
C:\Users\user\AppData\Local\TempBwf300.html moved successfully.
C:\Users\user\AppData\Local\TempBxk136.html moved successfully.
C:\Users\user\AppData\Local\TempCCR304.html moved successfully.
C:\Users\user\AppData\Local\TempceY500.html moved successfully.
C:\Users\user\AppData\Local\TempCFm492.html moved successfully.
C:\Users\user\AppData\Local\TempcKY520.html moved successfully.
C:\Users\user\AppData\Local\TempCO1896.html moved successfully.
C:\Users\user\AppData\Local\TempcQd624.html moved successfully.
C:\Users\user\AppData\Local\TempcZL540.html moved successfully.
C:\Users\user\AppData\Local\Tempdd2476.html moved successfully.
C:\Users\user\AppData\Local\TempdE4844.html moved successfully.
C:\Users\user\AppData\Local\TempdP1640.html moved successfully.
C:\Users\user\AppData\Local\TempdqN480.html moved successfully.
C:\Users\user\AppData\Local\TempDV1916.html moved successfully.
C:\Users\user\AppData\Local\TempdVR240.html moved successfully.
C:\Users\user\AppData\Local\TempDw1224.html moved successfully.
C:\Users\user\AppData\Local\TempdWD760.html moved successfully.
C:\Users\user\AppData\Local\Tempedd596.html moved successfully.
C:\Users\user\AppData\Local\TempEmK492.html moved successfully.
C:\Users\user\AppData\Local\TempeSH544.html moved successfully.
C:\Users\user\AppData\Local\TempeV1024.html moved successfully.
C:\Users\user\AppData\Local\TempezM328.html moved successfully.
C:\Users\user\AppData\Local\TempfC2024.html moved successfully.
C:\Users\user\AppData\Local\TempFCh480.html moved successfully.
C:\Users\user\AppData\Local\TempFeL316.html moved successfully.
C:\Users\user\AppData\Local\TempFf1640.html moved successfully.
C:\Users\user\AppData\Local\TempfFt236.html moved successfully.
C:\Users\user\AppData\Local\Tempfl1320.html moved successfully.
C:\Users\user\AppData\Local\TempfpR500.html moved successfully.
C:\Users\user\AppData\Local\TempFt1036.html moved successfully.
C:\Users\user\AppData\Local\TempFxL312.html moved successfully.
C:\Users\user\AppData\Local\TempfYp336.html moved successfully.
C:\Users\user\AppData\Local\Tempfyy656.html moved successfully.
C:\Users\user\AppData\Local\TempgE2032.html moved successfully.
C:\Users\user\AppData\Local\TempGeX412.html moved successfully.
C:\Users\user\AppData\Local\TempGiB296.html moved successfully.
C:\Users\user\AppData\Local\TempGkf480.html moved successfully.
C:\Users\user\AppData\Local\TempGR1520.html moved successfully.
C:\Users\user\AppData\Local\TempgRg600.html moved successfully.
C:\Users\user\AppData\Local\TempgyX592.html moved successfully.
C:\Users\user\AppData\Local\TempHDT416.html moved successfully.
C:\Users\user\AppData\Local\TempHpI820.html moved successfully.
C:\Users\user\AppData\Local\TemphQ2016.html moved successfully.
C:\Users\user\AppData\Local\TempHQR980.html moved successfully.
C:\Users\user\AppData\Local\Temphtk244.html moved successfully.
C:\Users\user\AppData\Local\TempIb1316.html moved successfully.
C:\Users\user\AppData\Local\TempId1260.html moved successfully.
C:\Users\user\AppData\Local\TempId1320.html moved successfully.
C:\Users\user\AppData\Local\TempiEG516.html moved successfully.
C:\Users\user\AppData\Local\TempiG1920.html moved successfully.
C:\Users\user\AppData\Local\TempIh2036.html moved successfully.
C:\Users\user\AppData\Local\TempiRw468.html moved successfully.
C:\Users\user\AppData\Local\TempIsi536.html moved successfully.
C:\Users\user\AppData\Local\TempIWu316.html moved successfully.
C:\Users\user\AppData\Local\TempIx1896.html moved successfully.
C:\Users\user\AppData\Local\TempIZc560.html moved successfully.
C:\Users\user\AppData\Local\TempjA1916.html moved successfully.
C:\Users\user\AppData\Local\TempjDb296.html moved successfully.
C:\Users\user\AppData\Local\TempJIP536.html moved successfully.
C:\Users\user\AppData\Local\TempjN1612.html moved successfully.
C:\Users\user\AppData\Local\TempjN2016.html moved successfully.
C:\Users\user\AppData\Local\TempjQb604.html moved successfully.
C:\Users\user\AppData\Local\TempjRl316.html moved successfully.
C:\Users\user\AppData\Local\TempjYF592.html moved successfully.
C:\Users\user\AppData\Local\TempkdG248.html moved successfully.
C:\Users\user\AppData\Local\TempKGK496.html moved successfully.
C:\Users\user\AppData\Local\TempKk1632.html moved successfully.
C:\Users\user\AppData\Local\TempKk2012.html moved successfully.
C:\Users\user\AppData\Local\TempKP1972.html moved successfully.
C:\Users\user\AppData\Local\TempKqe496.html moved successfully.
C:\Users\user\AppData\Local\TempKqU344.html moved successfully.
C:\Users\user\AppData\Local\TempkR1260.html moved successfully.
C:\Users\user\AppData\Local\TempKw1964.html moved successfully.
C:\Users\user\AppData\Local\TempkX1896.html moved successfully.
C:\Users\user\AppData\Local\Tempkz1036.html moved successfully.
C:\Users\user\AppData\Local\TemplCQ760.html moved successfully.
C:\Users\user\AppData\Local\Templk2608.html moved successfully.
C:\Users\user\AppData\Local\TemplM1964.html moved successfully.
C:\Users\user\AppData\Local\TempLpe492.html moved successfully.
C:\Users\user\AppData\Local\Templu2024.html moved successfully.
C:\Users\user\AppData\Local\TempmAn524.html moved successfully.
C:\Users\user\AppData\Local\Tempmf1920.html moved successfully.
C:\Users\user\AppData\Local\Tempmnd604.html moved successfully.
C:\Users\user\AppData\Local\TempMoY396.html moved successfully.
C:\Users\user\AppData\Local\Tempmq1632.html moved successfully.
C:\Users\user\AppData\Local\TempMs1972.html moved successfully.
C:\Users\user\AppData\Local\TempmXl412.html moved successfully.
C:\Users\user\AppData\Local\TempmyS336.html moved successfully.
C:\Users\user\AppData\Local\TempNa1632.html moved successfully.
C:\Users\user\AppData\Local\TempniO336.html moved successfully.
C:\Users\user\AppData\Local\TempNnC600.html moved successfully.
C:\Users\user\AppData\Local\TempNq1996.html moved successfully.
C:\Users\user\AppData\Local\TempnsF304.html moved successfully.
C:\Users\user\AppData\Local\TempNTA328.html moved successfully.
C:\Users\user\AppData\Local\TempNtc332.html moved successfully.
C:\Users\user\AppData\Local\TempnuW316.html moved successfully.
C:\Users\user\AppData\Local\TempnWS412.html moved successfully.
C:\Users\user\AppData\Local\TempnZ1996.html moved successfully.
C:\Users\user\AppData\Local\Tempoal592.html moved successfully.
C:\Users\user\AppData\Local\Tempoe1520.html moved successfully.
C:\Users\user\AppData\Local\TempOEk244.html moved successfully.
C:\Users\user\AppData\Local\TempOJA516.html moved successfully.
C:\Users\user\AppData\Local\TempOK1828.html moved successfully.
C:\Users\user\AppData\Local\TempOKW596.html moved successfully.
C:\Users\user\AppData\Local\TempoL1484.html moved successfully.
C:\Users\user\AppData\Local\TempoRZ244.html moved successfully.
C:\Users\user\AppData\Local\TempoS1036.html moved successfully.
C:\Users\user\AppData\Local\Tempou1188.html moved successfully.
C:\Users\user\AppData\Local\TempPDN504.html moved successfully.
C:\Users\user\AppData\Local\TemppHi780.html moved successfully.
C:\Users\user\AppData\Local\Temppj1484.html moved successfully.
C:\Users\user\AppData\Local\TemppL1036.html moved successfully.
C:\Users\user\AppData\Local\TempPmL612.html moved successfully.
C:\Users\user\AppData\Local\TempPO1888.html moved successfully.
C:\Users\user\AppData\Local\Temppw1972.html moved successfully.
C:\Users\user\AppData\Local\TemppWf344.html moved successfully.
C:\Users\user\AppData\Local\TemppXt524.html moved successfully.
C:\Users\user\AppData\Local\TempQes320.html moved successfully.
C:\Users\user\AppData\Local\TempqgW240.html moved successfully.
C:\Users\user\AppData\Local\TempQh2476.html moved successfully.
C:\Users\user\AppData\Local\Tempqi1916.html moved successfully.
C:\Users\user\AppData\Local\TempqN2012.html moved successfully.
C:\Users\user\AppData\Local\TempqnO492.html moved successfully.
C:\Users\user\AppData\Local\TempQNw560.html moved successfully.
C:\Users\user\AppData\Local\TempQOH824.html moved successfully.
C:\Users\user\AppData\Local\TempQS1916.html moved successfully.
C:\Users\user\AppData\Local\TempQx1608.html moved successfully.
C:\Users\user\AppData\Local\TempqZd516.html moved successfully.
C:\Users\user\AppData\Local\TemprEz596.html moved successfully.
C:\Users\user\AppData\Local\Temprf1208.html moved successfully.
C:\Users\user\AppData\Local\TempRhU420.html moved successfully.
C:\Users\user\AppData\Local\TempRQZ604.html moved successfully.
C:\Users\user\AppData\Local\TempRTI320.html moved successfully.
C:\Users\user\AppData\Local\TempSE1884.html moved successfully.
C:\Users\user\AppData\Local\Tempsh1260.html moved successfully.
C:\Users\user\AppData\Local\TempsJ1260.html moved successfully.
C:\Users\user\AppData\Local\TempSmt540.html moved successfully.
C:\Users\user\AppData\Local\TempSov504.html moved successfully.
C:\Users\user\AppData\Local\TempSoy512.html moved successfully.
C:\Users\user\AppData\Local\TempSr1880.html moved successfully.
C:\Users\user\AppData\Local\TempsRQ136.html moved successfully.
C:\Users\user\AppData\Local\TempSsB480.html moved successfully.
C:\Users\user\AppData\Local\TempSta512.html moved successfully.
C:\Users\user\AppData\Local\TempTe1884.html moved successfully.
C:\Users\user\AppData\Local\Temptfb300.html moved successfully.
C:\Users\user\AppData\Local\TempTG1608.html moved successfully.
C:\Users\user\AppData\Local\TempTh1880.html moved successfully.
C:\Users\user\AppData\Local\TempTIp596.html moved successfully.
C:\Users\user\AppData\Local\TempTIS568.html moved successfully.
C:\Users\user\AppData\Local\TempTJI468.html moved successfully.
C:\Users\user\AppData\Local\TemptmF512.html moved successfully.
C:\Users\user\AppData\Local\TemptMn336.html moved successfully.
C:\Users\user\AppData\Local\Temptoe612.html moved successfully.
C:\Users\user\AppData\Local\TempTSJ508.html moved successfully.
C:\Users\user\AppData\Local\Temptto420.html moved successfully.
C:\Users\user\AppData\Local\TemptVt344.html moved successfully.
C:\Users\user\AppData\Local\TemptWK244.html moved successfully.
C:\Users\user\AppData\Local\Tempuir320.html moved successfully.
C:\Users\user\AppData\Local\TempuIu656.html moved successfully.
C:\Users\user\AppData\Local\TempuLB320.html moved successfully.
C:\Users\user\AppData\Local\TempuLY236.html moved successfully.
C:\Users\user\AppData\Local\TempuOg820.html moved successfully.
C:\Users\user\AppData\Local\TempUwFu12.html moved successfully.
C:\Users\user\AppData\Local\TempuXj492.html moved successfully.
C:\Users\user\AppData\Local\TempUzS288.html moved successfully.
C:\Users\user\AppData\Local\TempVEv512.html moved successfully.
C:\Users\user\AppData\Local\TempVHg512.html moved successfully.
C:\Users\user\AppData\Local\TempVj1612.html moved successfully.
C:\Users\user\AppData\Local\TempVNG312.html moved successfully.
C:\Users\user\AppData\Local\TempVps344.html moved successfully.
C:\Users\user\AppData\Local\TempwdE516.html moved successfully.
C:\Users\user\AppData\Local\TempWEW396.html moved successfully.
C:\Users\user\AppData\Local\TempwiQo12.html moved successfully.
C:\Users\user\AppData\Local\TempWNh516.html moved successfully.
C:\Users\user\AppData\Local\Tempww2608.html moved successfully.
C:\Users\user\AppData\Local\Tempxav316.html moved successfully.
C:\Users\user\AppData\Local\TempXBA352.html moved successfully.
C:\Users\user\AppData\Local\TempxBx692.html moved successfully.
C:\Users\user\AppData\Local\TempXdN568.html moved successfully.
C:\Users\user\AppData\Local\Tempxef604.html moved successfully.
C:\Users\user\AppData\Local\TempXQ2004.html moved successfully.
C:\Users\user\AppData\Local\TempXr1828.html moved successfully.
C:\Users\user\AppData\Local\TempyaE980.html moved successfully.
C:\Users\user\AppData\Local\TempYBn452.html moved successfully.
C:\Users\user\AppData\Local\TempyEF692.html moved successfully.
C:\Users\user\AppData\Local\TempyEO244.html moved successfully.
C:\Users\user\AppData\Local\TempyIU624.html moved successfully.
C:\Users\user\AppData\Local\TempYKH600.html moved successfully.
C:\Users\user\AppData\Local\TempYL2028.html moved successfully.
C:\Users\user\AppData\Local\TempYlf824.html moved successfully.
C:\Users\user\AppData\Local\TempYMx300.html moved successfully.
C:\Users\user\AppData\Local\TempYS1640.html moved successfully.
C:\Users\user\AppData\Local\TempZdX508.html moved successfully.
C:\Users\user\AppData\Local\TempzkH248.html moved successfully.
C:\Users\user\AppData\Local\TempzN2036.html moved successfully.
C:\Users\user\AppData\Local\TempzOW412.html moved successfully.
C:\Users\user\AppData\Local\TempzTd316.html moved successfully.
C:\Users\user\AppData\Local\Tempztj328.html moved successfully.
C:\Users\user\AppData\Local\TempzuO780.html moved successfully.
C:\Users\user\AppData\Local\TempZyl332.html moved successfully.
C:\Users\user\AppData\Local\TempZzp416.html moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Default

User: Default User

User: Marta

User: Public

User: user
->Flash cache emptied: 1154 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marta
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 314843 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 43819091 bytes
->FireFox cache emptied: 73569335 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 415 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59349 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10302010_083853

Files\Folders moved on Reboot...
File\Folder C:\Users\user\AppData\Local\Temp\~DF930.tmp not found!
File\Folder C:\Users\user\AppData\Local\Temp\~DF9D6.tmp not found!
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\sqlite_N4yeThYumYGXJN0 not found!

Registry entries deleted on Reboot...

Nowy log OTL.txt:

OTL logfile created on: 2010-10-30 08:49:51 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 1,50 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 26,70 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 467,54 Gb Free Space | 50,19% Space Free | Partition Type: NTFS

Computer Name: MARTITA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-10-30 08:45:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010-10-29 08:23:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 08:45:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010-03-09 08:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009-09-23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-02-07 00:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clcapsvc.exe
PRC - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clsched.exe
PRC - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\acer\acer arcade\kernel\clml_ntservice\clmlserver.exe
PRC - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006-12-01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-09-26 22:03:57 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-05-28 03:43:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-08-24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009-08-05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-05-14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2008-08-07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008-07-13 21:30:28 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\adeona\cygrunsrv.exe -- (AdeonaClientService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007-05-31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010-09-01 12:20:36 | 000,120,168 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-12-30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-08-05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007-02-07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007-02-07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007-02-07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-27 03:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006-12-19 12:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006-12-07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-01 07:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-10 08:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006-11-06 11:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006-11-06 09:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006-11-06 09:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006-11-02 15:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006-10-25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-10-25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006-10-23 05:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-10-18 05:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006-10-18 05:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006-10-18 05:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006-08-04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-12-21 15:44:13 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005-02-23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004-04-10 10:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = 
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://poczta.o2.pl/"
FF - prefs.js..extensions.enabledItems: zapiska@zapiska.pl:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-10 00:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 08:23:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 08:23:30 | 000,000,000 | ---D | M]

[2010-04-25 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010-10-29 21:42:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions
[2010-07-22 22:10:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-19 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\zapiska@zapiska.pl
[2010-10-17 21:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-10 17:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-10 17:06:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-09-18 09:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-18 09:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-18 09:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-18 09:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-18 09:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-18 09:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-10-29 22:15:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link =  [binary data]
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-07 19:05:04 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-14 22:48:13 | 000,000,067 | ---- | M] () - E:\AUTORUN_.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-10-30 08:38:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-10-29 23:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-10-29 22:17:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010-10-29 22:09:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2010-10-29 21:48:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-10-29 21:48:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-10-29 21:48:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-10-29 21:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-10-29 21:47:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-10-29 21:05:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-10-23 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\KoshyJohn.com
[2010-10-20 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ściągnięcia MAGIX
[2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\MAGIX
[2010-10-17 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Xara
[2010-10-17 21:11:31 | 000,000,000 | ---D | C] -- C:\Users\user\.bogfran
[2010-10-17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hide Your IP Address
[2010-10-16 22:30:33 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\System32\HMIPCore.dll
[2010-10-16 22:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010-10-16 21:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2010-10-16 21:08:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SlySoft
[2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vso
[2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\PcSetup
[2010-10-14 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Garritan
[2010-10-11 00:16:53 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010-10-10 20:59:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{680651BD-F2C0-418E-81A1-6F3DEB958964}
[2010-10-10 17:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-10-10 17:06:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-10-06 23:30:16 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010-10-03 00:44:45 | 000,000,000 | ---D | C] -- C:\Windows\registration
[2010-10-02 23:26:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010-10-02 23:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010-10-02 22:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-01 13:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010-10-01 11:34:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-10-01 11:33:52 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010-10-01 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SoftGrid Client
[2010-10-01 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2010-10-01 10:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010-10-01 10:54:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TP
[2008-09-25 23:57:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2005-12-21 15:47:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-10-30 08:43:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
[2010-10-30 08:42:35 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-30 08:42:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010-10-30 08:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-30 08:40:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-10-29 22:15:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-10-29 20:53:35 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-10-28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010-10-23 20:11:21 | 002,524,990 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-10-23 20:11:21 | 001,936,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-10-23 20:11:21 | 001,394,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-10-23 20:11:20 | 000,792,904 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-10-20 20:37:45 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2010-10-20 20:20:51 | 000,013,985 | ---- | M] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx
[2010-10-20 08:45:53 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job
[2010-10-19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-10-18 08:28:41 | 001,141,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2010-10-16 22:09:52 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010-10-16 21:19:11 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010-10-16 21:07:27 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2010-10-16 21:07:27 | 000,007,887 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2010-10-16 21:07:27 | 000,001,144 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2010-10-14 12:45:49 | 006,892,224 | ---- | M] () -- C:\Users\user\Documents\_01754_mp3.zip
[2010-10-14 10:10:37 | 000,157,260 | ---- | M] () -- C:\Users\user\Documents\bossa_nova.pdf
[2010-10-11 00:16:16 | 000,001,024 | ---- | M] () -- C:\Users\user\.rnd
[2010-10-10 20:59:28 | 000,034,704 | ---- | M] () -- C:\Windows\syscall.dat
[2010-10-10 17:06:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-10-10 17:06:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010-10-06 15:11:54 | 000,051,712 | ---- | M] () -- C:\Users\user\Documents\Señor elefante.doc
[2010-10-06 11:29:35 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010-10-04 11:15:01 | 000,202,752 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-03 23:07:29 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010-10-03 23:07:29 | 000,000,008 | RHS- | M] () -- C:\Windows\System32\4AD3B3EC6F.sys
[2010-10-01 17:45:10 | 000,012,690 | ---- | M] () -- C:\Users\user\Documents\Organizational telephone  list1.xlsx
[2010-10-01 12:30:33 | 000,038,585 | ---- | M] () -- C:\Users\user\Documents\Budżet.xlsx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-29 21:48:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-10-29 21:48:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-10-29 21:48:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-10-29 20:53:35 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-10-20 20:37:45 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2010-10-20 08:45:53 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job
[2010-10-18 21:42:47 | 000,013,985 | ---- | C] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx
[2010-10-16 21:18:50 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2010-10-16 21:18:45 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010-10-14 12:45:44 | 006,892,224 | ---- | C] () -- C:\Users\user\Documents\_01754_mp3.zip
[2010-10-14 10:10:37 | 000,157,260 | ---- | C] () -- C:\Users\user\Documents\bossa_nova.pdf
[2010-10-11 00:16:53 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010-10-06 15:11:52 | 000,051,712 | ---- | C] () -- C:\Users\user\Documents\Señor elefante.doc
[2010-10-03 23:07:29 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010-10-03 23:07:29 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4AD3B3EC6F.sys
[2010-10-01 12:56:06 | 000,012,690 | ---- | C] () -- C:\Users\user\Documents\Organizational telephone  list1.xlsx
[2010-10-01 12:30:24 | 000,038,585 | ---- | C] () -- C:\Users\user\Documents\Budżet.xlsx
[2010-08-27 23:29:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2010-08-18 21:41:51 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm
[2010-08-15 16:44:40 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010-06-14 23:35:41 | 000,000,042 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.pls
[2010-06-09 00:55:47 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010-05-26 21:50:08 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010-04-24 09:11:35 | 000,000,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\YouChoob-Stats.xml
[2010-03-24 22:15:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4AD3B3EC6F.sys
[2010-03-24 22:15:40 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-03-22 22:02:22 | 000,001,527 | ---- | C] () -- C:\Windows\System32\sk_bho.ini
[2010-03-07 20:25:12 | 000,202,752 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-07 14:24:16 | 000,002,686 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2010-03-07 14:22:59 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009-10-24 02:10:46 | 000,021,240 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2009-10-24 02:10:46 | 000,013,560 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2009-10-11 18:51:57 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009-09-20 15:03:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009-08-22 20:52:35 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009-08-22 20:52:31 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009-08-22 20:52:29 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009-08-22 20:52:29 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009-08-22 20:52:01 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2009-08-21 22:44:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2009-08-21 22:44:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DetectDxQT.dll
[2009-08-21 02:38:40 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-08-21 02:36:10 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll
[2009-08-17 08:07:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-16 21:36:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-06-12 23:07:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009-05-16 19:52:20 | 000,000,077 | ---- | C] () -- C:\Windows\adidsl.ini
[2009-05-09 07:59:53 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009-03-27 20:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2009-03-27 20:22:55 | 001,371,436 | R--- | C] () -- C:\Windows\System32\VBAR2132.DLL
[2009-03-27 20:03:20 | 000,000,032 | ---- | C] () -- C:\Windows\barcode.ini
[2009-02-01 21:34:52 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2009-01-14 00:48:02 | 000,000,028 | ---- | C] () -- C:\Users\user\AppData\Roaming\GRGames.ini
[2008-12-17 13:33:49 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2008-10-04 13:43:43 | 000,000,148 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss
[2008-10-04 10:57:23 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008-09-25 23:57:31 | 000,081,920 | ---- | C] () -- C:\Users\user\AppData\Roaming\ezpinst.exe
[2008-09-25 23:57:31 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2008-09-25 23:57:30 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2008-08-10 11:38:12 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2008-08-10 11:35:49 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008-08-10 11:34:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008-08-10 11:33:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008-07-14 23:45:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-07-14 19:48:56 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008-07-14 17:01:04 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-07-14 12:09:52 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2008-02-11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007-02-06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007-02-06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007-02-06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007-02-06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007-02-06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007-02-06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006-11-03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-12-22 00:49:42 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2005-12-21 22:43:09 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2005-12-21 22:43:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2005-12-21 22:43:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005-12-21 22:42:01 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2005-12-21 15:58:04 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2005-12-21 15:58:04 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2005-12-21 15:57:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2005-12-21 15:47:55 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2005-12-21 15:37:46 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2004-12-20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004-12-20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002-12-14 23:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\oggDS.dll
[2002-12-14 23:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002-12-14 23:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002-12-14 22:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002-11-15 14:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000088.DLL
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-06-07 01:11:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2010-08-18 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2010-04-29 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Auslogics
[2010-04-25 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avsmedia
[2010-08-28 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2010-10-10 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fighters
[2010-06-28 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gadu-Gadu 10
[2010-10-14 10:11:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garritan
[2010-10-09 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GHISLER
[2010-06-09 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GlarySoft
[2010-05-30 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KC Softwares
[2010-10-23 21:44:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KoshyJohn.com
[2010-10-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2010-06-01 14:51:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010-10-23 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RayV
[2010-10-16 21:08:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SlySoft
[2010-09-15 01:15:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smart PC Solutions
[2010-10-28 23:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2010-06-07 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland
[2010-05-08 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010-09-19 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall
[2010-10-01 11:03:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2010-09-28 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2010-09-19 11:26:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2010-05-14 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VoipCheapCom
[2010-10-16 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso
[2010-05-29 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wsInspector
[2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job
[2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010-09-17 00:57:54 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2010-09-16 23:45:32 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2010-10-30 08:40:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-02-04 23:13:47 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-user-Startup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 358 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DDF13E9F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Witam,

laptop z Vista HomeBasic 32 od jakiegoś czasu dziwnie się zachowywał. Nic nie robił, zwis, klepsydra i długa cisza z oczekiwaniem na cokolwiek.

Oprócz tego nie dało się np. zaktualizować systemu, bo system nie wstawał po konkretnej aktualizacji M$ KB968912 lub po instalacji AVG AntiVirus Free 2011. Dziś nie dało się zainstalować nowej wersji Skypa (brak uprawnień administratora, itp).

Były też problemy w Adobe Acrobat 9 Pro i Office Home and Student 2010. Wyłączał się bez zapisywania zmian,...

Eset i MBAM nic nie widział.

CF usunął coś i wydaje się, że już chodzi lepiej, tzn. przynajmniej nie muli.

Proszę o końcowe instrukcje/skrypty, jak tu jeszcze posprzątać.

Log CF:

http://wklej.org/id/409395/

Log ComboFix-quarantined-files:

2010-10-29 20:21:20 . 2010-10-29 20:21:20 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SWPROguard.reg.dat

2010-10-29 20:08:19 . 2010-10-29 20:08:19 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpudriver.reg.dat

2010-10-29 20:08:19 . 2010-10-29 20:08:19 1,112 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_cpudriver.reg.dat

2010-10-29 20:04:39 . 2010-10-29 20:04:39 6,603 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-10-29 19:48:43 . 2010-10-29 19:52:00 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-10-16 19:18:44 . 2010-10-16 19:18:44 22,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temporary\cpu.sys.vir

2010-10-16 19:07:24 . 2010-10-16 19:07:27 87,608 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\inst.exe.vir

2008-08-05 07:37:20 . 2008-01-19 07:33:33 25,088 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir

Log OTL.txt:

http://wklej.org/id/409396/

Log OTL Extras:

http://wklej.org/id/409397/

Log GMER:

  niestety zawiesza się GMER

Pozdrawiam,

Marek

W zasadzie komputer już chodzi dużo szybciej, prawie normalnie. Więc temat chyba do zamknięcia.

Ale Usługa Windows Search jest stale wyłączona, a w Dzienniku zdarzeń dalej są błędy tyczące tej usługi i liczników wydajności.

Proszę na koniec jeszcze o rzut okiem na końcowe logi:

OTL.TXT

http://wklej.org/id/479650/txt/

OTL.EXTRA

http://wklej.org/id/479651/txt/

Picasso, wszystkie polecenia wykonałem. Komputer wyraźnie przyśpieszył.

Usługa Windows Search mimo zatrzymania, po restarcie zrobiła się znów aktywna. Te same błędy wyskoczyły w OTL.

Później jeszcze raz ją zatrzymałem, restart i już widać było przy niej tylko opcję "Uruchom" w services.msc. Ale już nie wykonałem ponownego skanowania OTL.

Dodatkowo: RegCleaner, Odkurzacz, Ashampoo Win Optimizer. Usunąłem na chwilę Eseta. Potem zainstaluję jeszcze raz.

ESET - faktycznie, po ponownym zainstalowaniu zauważalne, ale lekkie spowolnienie systemu. Legalny, pobrany ze strony producenta.

Komp był niedawno defragmentowany MyDefrag. Ale zainstaluję zaraz i zrobię pełną defragmentację PerfectDisk Pro11.

Podaję logi, proszę o uwagi co jeszcze można zrobić.

OTL.TXT

http://wklej.org/id/479652/txt/

OTL.EXTRAS

http://wklej.org/id/479653/txt/

Boot Diagram_export

http://wklej.org/id/542828/txt/

Czy coś z tego można usunąć?

screen_Windows Installer Clean Up

Podaję log:

Gmer.txt

Gmer_screen

mbr.log

Defogger

Sprawdziłem, wirtualnych napędów nie mam, ale nie czyściłem ewentualnych pozostałości (jak w linku zalecenie). Wykonałem tylko Defogger i SPTD. Jak trzeba to jeszcze to wykonam. SPTDinst nic nie znalazł.

--

Zgodnie z zaleceniem Sality proszę moda o przesunięcie wątku do Działu Bezpieczeństwa.

=============================

Witam,

komputer wolno otwiera aplikacje.

Szczególnie rano jak się go pierwszy raz po nocy załączy - ukazuje się puste okno danej aplikacji, klepsydra i trzeba czekać kilka minut aż zaskoczy.

Proszę o kontrolę logów OTL i instrukcje:

OTL txt

OTL Extras

Fix IE Utility nic nie zdziałał.

Przywracanie systemu nie działało, chociaż było kilkanaście PPS.

Pomógł dopiero kontroler plików systemowych i płytka z XP.

Mam 14 screenów odnośnie informacji o zainstalowanych dodatkach do IE.

2 dodatki ActiveX były uszkodzone.

Może jutro wrzucę, jak będę miał chwilę czasu (jakby ktoś chciał się doktoryzować).

Ale generalnie już jest OK i temat do zamknięcia.

Dziękuję za pomoc DawidS28.

Ok DawidS28, "Fix IE Utility" zrobię jutro, jak wrócę do pracy.

Logi OTL mam już gotowe, ale wysyłam Ci z pewnych względów tylko na priva.

Witam,

dzisiaj rano kolega w pracy odpalił kompa z XP, kliknął na żółtą ikonkę aktualizacji systemu.

Prawdopodobnie od tego zdarzenia nie da się uruchomić normalnie IE.

Pokazuje się na 1 sek. strona startowa i znika, bez żadnego komunikatu.

Po wybraniu opcji " Uruchom IE - bez dodatków" jest OK, tzn. IE się otwiera i działa, z tym że w ograniczonym zakresie.

Odinstalowałem IE i pobrałem nowy z M$ i zainstalowałem, lecz jest bez zmian.

Załączam log "Windows Update Log Report for the last 24 hours.

Kojarzymy tą awarię z dzisiejszą aktualizacją, bo w piątek wszystko było Ok, ale może jesteśmy w błędzie, bo potem odinstalowaliśmy te aktualizacje i nic to nie zmieniło.