SzydlaK

Avast detected a large number of Win32:Malware threats

Hello.

I have a problem with the Win32:Malware virus. A few days ago, after I started the computer and logged in to my user account, everything froze for about 10 minutes; after that most things worked, but Avast detected a lot of Win32:Malware viruses. I deleted some of them and moved some to quarantine (screenshot). After restarting the computer there was no sound (I probably deleted infected drivers(?)). I ran a full scan with Malwarebytes' Anti-Malware, which detected a lot of adware and a trojan; I removed most of them, but a few could not be removed. I am attaching logs from RSIT and OTL, and 2 logs from the Malwarebytes' Anti-Malware scans.

Please help.

log.txt

OTL.Txt

mbam_log_2010_04_01__11_56_33_.txt

mbam_log_2010_04_01__13_45_04_.txt


Unfortunately, I could not attach the GMER log as an attachment: "Upload failed. You do not have permission to upload files with this extension"

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 19:26:50
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            span.sys                                                                                                              ZwCreateKey [0xF74D60E0]
SSDT            span.sys                                                                                                              ZwEnumerateKey [0xF74F4CA4]
SSDT            span.sys                                                                                                              ZwEnumerateValueKey [0xF74F5032]
SSDT            span.sys                                                                                                              ZwOpenKey [0xF74D60C0]
SSDT            span.sys                                                                                                              ZwQueryKey [0xF74F510A]
SSDT            span.sys                                                                                                              ZwQueryValueKey [0xF74F4F8A]
SSDT            span.sys                                                                                                              ZwSetValueKey [0xF74F519C]

INT 0x62        ?                                                                                                                     8A193BF8
INT 0x63        ?                                                                                                                     8A193BF8
INT 0x63        ?                                                                                                                     8A193BF8
INT 0x63        ?                                                                                                                     89F6FBF8
INT 0x63        ?                                                                                                                     8A193BF8
INT 0x82        ?                                                                                                                     8A193BF8
INT 0x83        ?                                                                                                                     89F6FBF8
INT 0xA4        ?                                                                                                                     89F6FBF8
INT 0xB4        ?                                                                                                                     89F6FBF8

---- Kernel code sections - GMER 1.0.15 ----

?               span.sys                                                                                                              Nie można odnaleźć określonego pliku. !
.text           USBPORT.SYS!DllUnload                                                                                                 BADF48AC 5 Bytes  JMP 89F6F1D8
.text           a341e5t1.SYS                                                                                                          BAD82386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a341e5t1.SYS                                                                                                          BAD823AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a341e5t1.SYS                                                                                                          BAD823C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a341e5t1.SYS                                                                                                          BAD823C9 1 Byte  [2E]
.text           a341e5t1.SYS                                                                                                          BAD823C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text           ...                                                                                                                  

---- User code sections - GMER 1.0.15 ----

.text           D:\Program Files\Mozilla Firefox\firefox.exe[1328] ntdll.dll!LdrLoadDll                                               7C9163A3 5 Bytes  JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                    8A20A2D8
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                  [F7507C4C] span.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                     [F7507CA0] span.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F74D7042] span.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F74D713E] span.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [F74D70C0] span.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [F74D7800] span.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [F74D76D6] span.sys
IAT             \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  89F6F2D8
IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F74E6E9C] span.sys
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                          8D52FF55
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!swprintf]                                                      8D51F84D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeSetEvent]                                                    5052F455
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                          EACAE856
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                                 C483FFFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                          0FC08520
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                          0001AD85
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                           46B70F00
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                         F44D8B48
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                                C1815753
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                    00011D90
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IofCompleteRequest]                                            467C8D51
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                       77CEE84A
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IofCallDriver]                                                 D88BFFFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                      8504C483
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                       5F0A75DB
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoConnectInterrupt]                                            5B08438D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoDetachDevice]                                                5DE58B5E
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                         1D9068C3
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInitializeEvent]                                             006A0001
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeCancelTimer]                                                 88AEE853
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                  558DFFFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlInitAnsiString]                                             90838DF8
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                                 5200011D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoQueueWorkItem]                                               03895750
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmMapIoSpace]                                                  FFF363E8
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                   0C458AFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                        8B104D8B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                  43881855
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                   1C458B08
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                              0F544389
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                             89FF45B6
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                      4D8B0C4B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                              50538920
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!sprintf]                                                       8824558B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                  4B890A43
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ObfDereferenceObject]                                          5C538958
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                  8306468A
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                       3F2418C4
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ZwClose]                                                       74FF4588
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                     F8B60F79
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                       1A8C8B8D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                  8D510000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                           50572846
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoCreateDevice]                                                00D2F7E8
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                          80938D00
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                               5200001B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                        5728468D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ZwOpenKey]                                                     ECF6E850
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                          B60F0000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoStartTimer]                                                  938DFF45
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInitializeTimer]                                             0000026B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoInitializeTimer]                                             B908C683
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInitializeDpc]                                               00000008
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                          A5F3FA8B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoInitializeIrp]                                               8808758B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ZwCreateKey]                                                   00026883
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                                06468A00
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                     8306E8C0
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ZwSetValueKey]                                                 023C18C4
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                              02698388
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                  19750000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoStartPacket]                                                 028C8B8D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                                52510000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                                 00C287E8
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoFreeMdl]                                                     08C48300
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmUnlockPages]                                                 0575C085
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                          EB08708D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                      07568A54
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                           026A9388
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                        83660000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                        7601487E
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoStartNextPacket]                                             4AC68305
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeBugCheckEx]                                                  F63302EB
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                           5614458B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeSetTimer]                                                    79E85350
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!_allmul]                                                       8BFFFFF4
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                           83FF33F0
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!_except_handler3]                                              F73B0CC4
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!PoSetPowerState]                                               7D801E75
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                       850F050C
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                         00000090
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                        51F84D8B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!_aulldiv]                                                      F84AE853
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!strstr]                                                        C483FFFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!_strupr]                                                       75C08408
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeQuerySystemTime]                                             08778D76
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                      F34AE853
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!KeTickCount]                                                   C483FFFF
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                   00F46804
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoDeleteDevice]                                                938D0000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                         00001A8C
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                            E852006A
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAllocateIrp]                                                 FFFF878C
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoAllocateMdl]                                                 0000F468
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                     80838D00
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                      6A00001B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                    79E85000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                   33FFFF87
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                             6B8389C0
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoFreeIrp]                                                     89000002
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!IoFreeWorkItem]                                                00026F83
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!InitSafeBootMode]                                              73838900
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!RtlCompareMemory]                                              89000002
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!PoCallDriver]                                                  00027783
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!memmove]                                                       7B838900
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[ntoskrnl.exe!MmHighestUserAddress]                                          89000002
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KfAcquireSpinLock]                                                  CCCCCCC3
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!READ_PORT_UCHAR]                                                    CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KeGetCurrentIrql]                                                   CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KfRaiseIrql]                                                        CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KfLowerIrql]                                                        8BEC8B55
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!HalGetInterruptVector]                                              00C73445
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!HalTranslateBusAddress]                                             00000000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KeStallExecutionProcessor]                                          830C458B
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!KfReleaseSpinLock]                                                  C0840CEC
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            053C0D74
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!READ_PORT_USHORT]                                                   57B80974
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                           8B000000
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                   56C35DE5
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[WMILIB.SYS!WmiSystemControl]                                                8D51FC4D
IAT             \SystemRoot\System32\Drivers\a341e5t1.SYS[WMILIB.SYS!WmiCompleteRequest]                                              8D52FD55

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                8A1921F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                         89655500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9CA76439-71DB-4966-9969-480ADD03AA98}                                              896E71F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                              aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                      8A07F1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                             8A2081F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                               8A2081F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                  8A2081F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                 8A2081F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                      8A07F1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                      8A07F1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                      8A07F1F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                      8A043500

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\PCI_PNP4404 \Device\00000049                                                                                  span.sys
Device          \Driver\PCI_PNP4404 \Device\00000049                                                                                  span.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                8A1941F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                8A1941F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                          8A046500
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                8A1941F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                          8A046500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                    [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                    [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19                                                                          [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e                                                                           [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                8A1941F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{6A5DF57B-A8B0-4710-923C-69CC41947F8D}                                              896E71F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               896E71F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      896E71F8
Device          \Driver\sptd \Device\2828425654                                                                                       span.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{0569861F-0830-45EB-BE54-DF076C0ACAD7}                                              896E71F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                      8A07F1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                      8A07F1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     896E11F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                      8A07F1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           896E11F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                      8A07F1F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                      8A043500
Device          \Driver\Ftdisk \Device\FtControl                                                                                      8A1941F8
Device          \Driver\a341e5t1 \Device\Scsi\a341e5t11                                                                               8A0851F8
Device          \Driver\a341e5t1 \Device\Scsi\a341e5t11Port4Path0Target0Lun0                                                          8A0851F8
Device          \FileSystem\Fastfat \Fat                                                                                              89655500
Device          \FileSystem\Cdfs \Cdfs                                                                                                89656500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   D:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xD0 0x24 0xF0 0x5D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x9B 0x42 0xF0 0x56 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x74 0xD4 0x14 0x4C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       D:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xD0 0x24 0xF0 0x5D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x9B 0x42 0xF0 0x56 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x74 0xD4 0x14 0x4C ...

---- EOF - GMER 1.0.15 ----

I ran a Dr.Web CureIt! scan; it found nothing.

But after logging in the computer still runs for a minute, then everything freezes and I have to wait -.- ..

I have a question: what should I do with the files that are in quarantine?


Sorry, I missed this thread.

The file:

D:\Windows\System32\Drivers\a341e5t1.SYS

check it on VirusTotal and paste the link to the scan results here.

Paste the contents of this file on the forum:

D:\WINDOWS\System32\fjhdyfhsn.bat

You can leave the quarantined files or delete them, as you prefer.

Run OTL and paste the following into the Custom scans/fixes box:

:Files
D:\Documents and Settings\LocalService\Dane aplikacji\jasltw.dat
D:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat

:Commands
[emptytemp]

Paste the resulting log on the forum, then run a new scan with OTL and paste the log it generates.

Also, type this command at the command prompt:

tasklist /svc

and paste what it returns on the forum.


OK, so:

- I don't have the file a341e4t1.sys :|

- How do I open this file (fjhdyfhsn.bat)? When I double-click it, a console window appears for less than a second, with the message (as far as I could make out) "Nie można otworzyć pliku D:\Program Files\...\Internet Explorer..."

- After pasting that into Custom scans/fixes, what do I do to get a log?

- After typing that command I got this:

D:\Documents and Settings\Administrator>tasklist /svc

Nazwa obrazu                 PID Usługi
========================= ====== =============================================
System Idle Process            0 Brak
System                         4 Brak
smss.exe                     764 Brak
csrss.exe                    828 Brak
winlogon.exe                 860 Brak
services.exe                 904 Eventlog, PlugPlay
lsass.exe                    916 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe                1084 Ati HotKey Poller
svchost.exe                 1100 DcomLaunch, TermService
svchost.exe                 1172 RpcSs
svchost.exe                 1324 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 dmserver, ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 lanmanserver, lanmanworkstation, Netman,
                                 Nla, RasMan, Schedule, seclogon, SENS,
                                 SharedAccess, ShellHWDetection, srservice,
                                 TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                 wscsvc, wuauserv, WZCSVC
svchost.exe                 1484 Dnscache
svchost.exe                 1536 LmHosts, RemoteRegistry, SSDPSRV, WebClient
aswUpdSv.exe                1688 aswUpdSv
ati2evxx.exe                1716 Brak
ashServ.exe                 1772 avast! Antivirus
spoolsv.exe                  384 Spooler
explorer.exe                 820 Brak
winampa.exe                 1216 Brak
jusched.exe                 1228 Brak
ashDisp.exe                 1244 Brak
GrooveMonitor.exe           1372 Brak
AirPacewifi.exe             1392 Brak
hamachi-2-ui.exe            1420 Brak
essvr.exe                    664 ES lite Service
RTHDCPL.exe                  724 Brak
hamachi-2.exe                588 Hamachi2Svc
jqs.exe                     1656 JavaQuickStarterService
PnkBstrA.exe                1416 PnkBstrA
TBPANEL.exe                 1520 Brak
PnkBstrB.exe                1904 PnkBstrB
gg.exe                      2116 Brak
Skype.exe                   2136 Brak
msmsgs.exe                  2184 Brak
ctfmon.exe                  2232 Brak
WeatherBugAlert.exe         2248 Brak
Xfire.exe                   2268 Brak
StarWindServiceAE.exe       2688 StarWindServiceAE
ashMaiSv.exe                3144 avast! Mail Scanner
ashWebSv.exe                3200 avast! Web Scanner
wmiapsrv.exe                3820 WmiApSrv
alg.exe                     2800 ALG
skypePM.exe                 3516 Brak
PresentationFontCache.exe   1644 FontCache3.0.0.0
wscntfy.exe                 3208 Brak
jucheck.exe                 2500 Brak
wuauclt.exe                 3980 Brak
gg.exe                      1592 Brak
mirc.exe                     668 Brak
firefox.exe                 1436 Brak
OTL.exe                     3800 Brak
wmiprvse.exe                3128 Brak
cmd.exe                     4060 Brak
tasklist.exe                 440 Brak

Sorry for all these questions, but I'm a complete beginner at this : P


OK, so:

- I don't have the file a341e4t1.sys :|

So it's probably an Alcohol file.

- How do I open this file (fjhdyfhsn.bat)? When I double-click it, a console window appears for less than a second, with the message (as far as I could make out) "Nie można otworzyć pliku D:\Program Files\...\Internet Explorer..."

Open fjhdyfhsn.bat in Notepad (or something similar).

- After pasting that into Custom scans/fixes, what do I do to get a log?

Sorry, I forgot to mention it. Click Run Fix.

I don't see anything in tasklist /svc. After startup, open Task Manager, go to the Processes tab, sort by CPU usage and check whether something is eating up all the resources when the computer stutters. If something is using a lot of CPU time, tell me what it is.


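The `tasklist /svc` listing reviewed by eye in the posts above can also be triaged mechanically. The following Python is an added example, not part of the original thread: it parses the fixed-width output (including wrapped service lists and the localized "Brak" marker) and reports any `svchost.exe` instance that hosts no services. The function names, the `NO_SERVICES` set and the last sample row are assumptions made for this example.

```python
"""Triage helper for `tasklist /svc` output (fixed-width, possibly localized)."""

# Rows taken (abridged) from the listing in the thread; Polish locale, "Brak" = none.
# The last svchost.exe row is CONSTRUCTED to exercise the check, not from the thread.
SAMPLE = """\
Nazwa obrazu                 PID Usługi
========================= ====== =============================================
System Idle Process            0 Brak
services.exe                 904 Eventlog, PlugPlay
svchost.exe                 1100 DcomLaunch, TermService
svchost.exe                 1324 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 dmserver, ERSvc, EventSystem
explorer.exe                 820 Brak
svchost.exe                 4321 Brak
"""

# Localized "no services" markers (assumption: Polish and English builds only).
NO_SERVICES = {"brak", "n/a"}


def column_spans(ruler):
    """Return (start, end) offsets of each column from the ===== ruler line."""
    spans, pos = [], 0
    for chunk in ruler.split(" "):
        if chunk:
            spans.append((pos, pos + len(chunk)))
        pos += len(chunk) + 1
    return spans


def split_services(field):
    """Split a comma-separated service field, dropping blanks and 'none' markers."""
    names = [s.strip() for s in field.split(",")]
    return [s for s in names if s and s.lower() not in NO_SERVICES]


def parse_tasklist_svc(text):
    """Parse the listing into dicts with 'image', 'pid' and 'services' keys."""
    lines = text.splitlines()
    ruler_idx = next(
        (i for i, l in enumerate(lines)
         if l.startswith("=") and set(l) <= {"=", " "}),
        None,
    )
    if ruler_idx is None:
        raise ValueError("no ===== ruler line found; not tasklist output?")
    # Image names may contain spaces, so cut the first column by width.
    name_end = column_spans(lines[ruler_idx])[0][1]
    rows = []
    for line in lines[ruler_idx + 1:]:
        if not line.strip():
            continue
        if line[0].isspace():
            # Wrapped service list: belongs to the previous process row.
            if rows:
                rows[-1]["services"].extend(split_services(line))
            continue
        pid_text, _, svc_text = line[name_end:].strip().partition(" ")
        rows.append({
            "image": line[:name_end].strip(),
            "pid": int(pid_text),
            "services": split_services(svc_text),
        })
    return rows


def hosted_services(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {r["pid"]: r["services"] for r in rows
            if r["image"].lower() == "svchost.exe"}


def svchost_without_services(rows):
    """PIDs of svchost.exe instances hosting nothing: worth a closer look,
    since svchost.exe exists to host services."""
    return [pid for pid, svcs in hosted_services(rows).items() if not svcs]


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE)
    for pid, svcs in hosted_services(parsed).items():
        print(pid, ", ".join(svcs) or "(no services)")
    print("svchost.exe without services:", svchost_without_services(parsed))
```

A hit from `svchost_without_services` is only a lead: confirm the image path and signature of that PID before drawing conclusions.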
I opened the file in Notepad and got this:

@echo off
:try
@del /F /Q "D:\Program Files\Internet Explorer\iexplore.exe"
if exist "D:\Program Files\Internet Explorer\iexplore.exe" goto try

I clicked "Run Fix" as you told me, and after the system restarted Notepad opened with this:

All processes killed
========== FILES ==========
D:\Documents and Settings\LocalService\Dane aplikacji\jasltw.dat moved successfully.
D:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1259348856 bytes
->Temporary Internet Files folder emptied: 7535338 bytes
->Java cache emptied: 40625802 bytes
->FireFox cache emptied: 76992989 bytes
->Flash cache emptied: 2312857 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 865487 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1676730 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 36224 bytes
Windows Temp folder emptied: 1167716 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 326,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04052010_170856

Files\Folders moved on Reboot...
File move failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_6ec.dat not found!

Registry entries deleted on Reboot...

Then I ran a scan with OTL:

OTL logfile created on: 2010-04-05 17:48:33 - Run 3
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 4,23 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 94,91 Gb Free Space | 25,78% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive G: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-04-03 02:07:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-03-30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010-03-26 21:00:44 | 003,250,576 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-21 22:33:41 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-07-08 09:31:40 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009-03-09 17:49:18 | 000,037,888 | ---- | M] () -- D:\Program Files\Winamp\winampa.exe
PRC - [2008-11-21 17:29:38 | 002,285,568 | ---- | M] () -- D:\Program Files\Vtune ATI\TBPANEL.exe
PRC - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () -- D:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007-02-08 15:17:58 | 002,240,512 | ---- | M] (Universal abit) -- D:\Program Files\abit\abit uGuru\AirPacewifi.exe
PRC - [2007-01-30 16:58:28 | 001,716,224 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-03-26 21:00:54 | 000,956,816 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_42127.dll
MOD - [2008-04-14 22:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-01-09 21:29:38 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- D:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-05 17:10:53 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-01-09 21:29:39 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-21 16:29:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-02 21:27:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-06-29 18:29:49 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-01-14 09:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-12-21 16:26:48 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-12-18 12:30:08 | 000,556,832 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aw5006.sys -- (AR2425)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor="

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-03 02:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:07:39 | 000,000,000 | ---D | M]

[2009-07-20 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-04-05 01:04:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions
[2010-01-05 23:56:25 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-11-17 22:33:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\battlefieldheroespatcher@ea.com
[2010-03-01 00:05:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com
[2010-02-25 00:01:34 | 000,009,977 | ---- | M] () -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml
[2010-04-05 17:30:30 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010-03-22 19:02:05 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-22 19:02:05 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-22 19:02:05 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-22 19:02:05 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-22 19:02:05 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-22 19:02:05 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - D:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AirPaceWifi] D:\Program Files\abit\abit uGuru\AirPaceWifi.exe (Universal abit)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST]  File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] D:\Program Files\Vtune ATI\TBPanel.exe ()
O4 - HKCU..\Run: [WeatherBugAlert] D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - Startup: D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-21 23:43:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-10-21 16:05:32 | 000,000,039 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-05 17:11:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-04-05 17:08:56 | 000,000,000 | ---D | C] -- D:\_OTL
[2010-04-05 15:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
[2010-04-05 15:34:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder
[2010-04-04 20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\Alcmtr.exe
[2010-04-04 20:59:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\WDM_R154
[2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit
[2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb
[2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi
[2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM
[2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang
[2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire
[2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-05 17:10:53 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010-04-05 17:10:47 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010-04-05 17:10:47 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job
[2010-04-05 17:10:46 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job
[2010-04-05 17:10:42 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-04-05 17:10:38 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-04-05 17:09:47 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-05 17:09:47 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010-04-05 17:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010-04-03 17:50:36 | 003,932,214 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\screen.bmp
[2010-04-02 16:28:14 | 000,018,495 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\b7a9d29dea77c7226d05056516ceff47.jpg
[2010-04-01 15:10:32 | 002,630,934 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\kwarantanna.bmp
[2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-04-01 14:39:56 | 000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-04-01 01:13:05 | 000,000,703 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-03-31 20:45:20 | 000,052,174 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\logoostatnie.jpg
[2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-03-30 14:44:41 | 000,000,148 | ---- | M] () -- D:\WINDOWS\System32\fjhdyfhsn.bat
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini
[2010-03-15 00:06:58 | 000,123,358 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\iksde.JPG
[2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx
[2010-03-07 22:42:24 | 000,045,360 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\4a1058b13e5a50d3.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-03 17:50:36 | 003,932,214 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\screen.bmp
[2010-04-02 16:28:13 | 000,018,495 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\b7a9d29dea77c7226d05056516ceff47.jpg
[2010-04-01 15:10:32 | 002,630,934 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\kwarantanna.bmp
[2010-04-01 01:13:05 | 000,000,703 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-03-31 20:45:20 | 000,052,174 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\logoostatnie.jpg
[2010-03-30 14:44:41 | 000,000,148 | ---- | C] () -- D:\WINDOWS\System32\fjhdyfhsn.bat
[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-03-15 00:06:50 | 000,123,358 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\iksde.JPG
[2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx
[2010-03-07 22:42:23 | 000,045,360 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\4a1058b13e5a50d3.jpg
[2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt
[2009-06-29 18:29:49 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
[2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini
[2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-22 13:42:46 | 000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI
[2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation
< End of report >

I don't see anything in tasklist /svc. After startup, open Task Manager, go to the Processes tab, sort by CPU usage, and check whether something is eating up all the resources while the computer is lagging. If something is using a very large amount of CPU time, write what it is.

Damn, this "lagging" isn't the "classic" kind where you can't do anything. I can move the mouse, and you can even see that some programs are working (e.g. xfire and other small programs from autostart launch), but when I try to hover over the taskbar the mouse cursor turns into an hourglass. If I click a program in the Quick Launch bar (while the cursor is an hourglass), it only launches after the computer "unfreezes".

I didn't manage to open Task Manager before the "freeze".

Delete the file mentioned at the beginning (fjhdyfhsn.bat). It's nothing good. I'll check the log shortly.

Also post a screenshot of the Health tab from HDTune (if you manage in time).

PCConfidential can slow the system down, and in your place I would remove it. You can do that through Add/Remove Programs.

Also post a log from SUPERAntiSpyware Free. First update the program and disable its automatic launch at system startup. Then run a scan in Safe Mode. You must not have any browser open during that time!

I deleted the file, and PCConfidential too.

Should the HDTune screenshot be taken while the computer is "lagging" or after it "unclogs"?

If after, then here is the screenshot.

I ran a scan with SUPERAntiSpyware. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/06/2010 at 00:51 AM

Application Version : 4.35.1002

Core Rules Database Version : 4771
Trace Rules Database Version: 2583

Scan type       : Complete Scan
Total Scan Time : 01:06:02

Memory items scanned      : 230
Memory threats detected   : 0
Registry items scanned    : 6039
Registry threats detected : 185
File items scanned        : 23265
File threats detected     : 72

Adware.Tracking Cookie
    D:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@hit.stat[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@77tracking[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@adstat.4u[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ad.adocean[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@mywebsearch[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@please[3].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@viacom.adbureau[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@xfire.adbureau[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@dmtracker[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ads.akonet[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ads.planespotters[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@accounts.digsby[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@eaeacom.112.2o7[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ads.motogen[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@adlegend[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ads.businessclick[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@glossymedia[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@ad.bm.net[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@server.cpmstar[1].txt
    D:\Documents and Settings\Administrator\Cookies\administrator@accounts[2].txt

Adware.MyWebSearch/FunWebProducts
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-583907252-1965331169-839522115-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g ]

Trojan.Agent/Gen-Nullo[Short]
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070328.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070329.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070330.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070331.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070332.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070333.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070334.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070335.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070336.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070337.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070338.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070339.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070340.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070341.SCR
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070343.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070344.SCR
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070345.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070346.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070347.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070348.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070349.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070350.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070351.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070352.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070353.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070354.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070355.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070356.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070357.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070358.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070369.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070371.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070372.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070373.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070374.DLL
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070375.DLL

Turn System Restore off and back on, because there are pests in the restore points.

The disk needs to be watched, because there are 2 reallocated sectors. They supposedly shouldn't be the cause, but also post a screenshot of the Benchmark tab from HD Tune (just run the test first by clicking Start on that tab).

Check whether there are any errors in Event Viewer (Control Panel > Administrative Tools > Event Viewer); if so, paste their contents on the forum.

Turn System Restore off and back on, because there are pests in the restore points.

I turned it off and on.

also post a screenshot of the Benchmark tab from HD Tune (just run the test first by clicking Start on that tab).

Screenshot of the Benchmark tab from HDTune.

Check whether there are any errors in Event Viewer (Control Panel > Administrative Tools > Event Viewer); if so, paste their contents on the forum.

There are, and lots of them :/

Paste everything? I'm asking because there will be a lot of it :|.

I sent you a PM explaining how to export the event log.

Let's also look at something like this:

Generate a new OTL log, this time ticking the options: Scan All Users, LOP Check, Purity Check. Also tick the Use Safelist option under Extra registry. Paste both generated logs.

Also post a GMER log, but first remove all drive-emulation programs and remove the SPTD driver using this program.


Here are the 2 OTL logs

The first:

OTL logfile created on: 2010-04-06 19:06:41 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 6,01 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive G: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-04-03 02:07:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-03-30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010-03-26 21:00:44 | 003,250,576 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-21 22:33:41 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-07-08 09:31:40 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009-03-09 17:49:18 | 000,037,888 | ---- | M] () -- D:\Program Files\Winamp\winampa.exe
PRC - [2008-11-21 17:29:38 | 002,285,568 | ---- | M] () -- D:\Program Files\Vtune ATI\TBPANEL.exe
PRC - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () -- D:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007-02-08 15:17:58 | 002,240,512 | ---- | M] (Universal abit) -- D:\Program Files\abit\abit uGuru\AirPacewifi.exe
PRC - [2007-01-30 16:58:28 | 001,716,224 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-03-26 21:00:54 | 000,956,816 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_42127.dll
MOD - [2008-04-14 22:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-01-09 21:29:38 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- D:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-06 17:08:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010-01-09 21:29:39 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-21 16:29:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-02 21:27:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-06-29 18:29:49 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-01-14 09:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-12-21 16:26:48 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-12-18 12:30:08 | 000,556,832 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aw5006.sys -- (AR2425)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor="

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-03 02:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:07:39 | 000,000,000 | ---D | M]

[2009-07-20 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-04-06 01:14:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions
[2010-01-05 23:56:25 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-11-17 22:33:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\battlefieldheroespatcher@ea.com
[2010-03-01 00:05:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com
[2010-02-25 00:01:34 | 000,009,977 | ---- | M] () -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml
[2010-04-06 19:03:05 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010-03-22 19:02:05 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-22 19:02:05 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-22 19:02:05 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-22 19:02:05 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-22 19:02:05 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-22 19:02:05 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AirPaceWifi] D:\Program Files\abit\abit uGuru\AirPaceWifi.exe (Universal abit)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST]  File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] D:\Program Files\Vtune ATI\TBPanel.exe ()
O4 - HKCU..\Run: [WeatherBugAlert] D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - Startup: D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-21 23:43:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-10-21 16:05:32 | 000,000,039 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-06 18:18:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder
[2010-04-06 17:13:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-04-05 22:29:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2010-04-05 22:25:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Inne
[2010-04-05 22:21:38 | 000,000,000 | ---D | C] -- D:\Program Files\HD Tune
[2010-04-05 17:08:56 | 000,000,000 | ---D | C] -- D:\_OTL
[2010-04-04 20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\Alcmtr.exe
[2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit
[2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb
[2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi
[2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM
[2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang
[2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire
[2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-06 19:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-04-06 18:20:23 | 001,079,334 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 17:08:32 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010-04-06 17:08:32 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job
[2010-04-06 17:08:31 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job
[2010-04-06 17:08:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010-04-06 17:08:11 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-04-06 17:08:07 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-04-06 10:50:28 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-06 10:50:28 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010-04-06 10:43:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-06 01:50:44 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-04-01 14:39:56 | 000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini
[2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-06 18:20:23 | 001,079,334 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 01:50:44 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx
[2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt
[2009-06-29 18:29:49 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
[2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini
[2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-22 13:42:46 | 000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI
[2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-08-02 13:15:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock
[2010-03-27 19:38:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-01-28 22:30:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009-10-03 11:56:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Dark Sector
[2009-11-18 17:04:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Disney Interactive Studios
[2009-08-19 19:54:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire
[2009-10-12 15:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\GetRightToGo
[2010-02-05 20:09:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-02-28 10:46:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\ManyCam
[2010-03-01 20:59:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
[2009-08-04 00:28:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly
[2010-03-14 14:31:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2010-03-01 22:03:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\XnView
[2009-11-23 16:49:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-08-21 23:55:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-06-29 18:44:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2009-12-29 22:16:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Universal abit
[2010-02-24 22:44:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2009-10-12 16:11:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\WinZip
[2009-09-05 21:20:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\{FD71DB76-A64B-4A16-BD57-1CC61B92D082}
[2010-04-06 17:08:31 | 000,000,416 | ---- | M] () -- D:\WINDOWS\Tasks\PCConfidential.job
[2010-04-06 17:08:32 | 000,000,434 | ---- | M] () -- D:\WINDOWS\Tasks\RegPowerClean.job
[2010-04-06 17:08:32 | 000,000,420 | ---- | M] () -- D:\WINDOWS\Tasks\RPCReminder.job
[2010-04-06 19:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation
< End of report >

and the second one:

OTL Extras logfile created on: 2010-04-06 19:06:41 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 6,01 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive G: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Company of Heroes\RelicCOH.exe" = E:\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.)
"E:\Civilization\Civilization4.exe" = E:\Civilization\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\Civilization\Warlords\Civ4Warlords.exe" = E:\Civilization\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe" = E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"D:\Program Files\Electronic Arts\EADM\Core.exe" = D:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- File not found
"E:\Mass Effect\Binaries\MassEffect.exe" = E:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"E:\Mass Effect\MassEffectLauncher.exe" = E:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"E:\World in Conflict\wic.exe" = E:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment)
"E:\World in Conflict\wic_online.exe" = E:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Tylko online -- (Massive Entertainment)
"E:\World in Conflict\wic_ds.exe" = E:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serwer -- ()
"E:\Company of Heroes\RelicDownloader\RelicDownloader.exe" = E:\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"E:\CoD 4\iw3mp.exe" = E:\CoD 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"E:\X-Men Wolverine\Binaries\Wolverine.exe" = E:\X-Men Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software)
"E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe" = E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek -- (BioWare)
"E:\Dragon Age KB\DAOriginsLauncher.exe" = E:\Dragon Age KB\DAOriginsLauncher.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek Program startowy -- (BioWare)
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"E:\OF Dragon Rising Demo\OFDR Demo.exe" = E:\OF Dragon Rising Demo\OFDR Demo.exe:*:Enabled:OF Dragon Rising Demo -- (Codemasters Software Company Limited)
"E:\Dragon Age\bin_ship\daorigins.exe" = E:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare)
"E:\Dragon Age\DAOriginsLauncher.exe" = E:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare)
"E:\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"E:\CoD WaW\CoDWaW.exe" = E:\CoD WaW\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)  -- (Activision Blizzard, Inc.)
"E:\CoD WaW\CoDWaWmp.exe" = E:\CoD WaW\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)  -- (Activision Blizzard, Inc.)
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library -- (Ubisoft)
"E:\Steam\SteamApps\common\fear2\FEAR2.exe" = E:\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"E:\Mass Effect 2\Binaries\MassEffect2.exe" = E:\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Gra -- (BioWare)
"E:\Mass Effect 2\MassEffect2Launcher.exe" = E:\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Program startowy -- (BioWare)
"E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe" = E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe" = E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe" = E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"E:\Burnout Paradise\BurnoutLauncher.exe" = E:\Burnout Paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\Burnout Paradise\BurnoutConfigTool.exe" = E:\Burnout Paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\Burnout Paradise\BurnoutParadise.exe" = E:\Burnout Paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\ Civilization IV Colonization\Colonization.exe" = E:\ Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
"E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = abit AirPace Wi-Fi
"{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest
"{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype? 4.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional
"{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish
"{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish
"{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3624A532-D480-4043-84C8-114AAA0BED1D}" = Gears of War
"{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends
"{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3D52783B-BDF6-4596-8C24-439306CE884D}" = abit AirPace Wi-Fi
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish
"{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek
"{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian
"{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese
"{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo
"{4F94C716-D33A-4AC4-AB3C-93D7FA5975A0}" = King's Bounty - Wojownicza Księżniczka DEMO
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static
"{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo
"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{756AB9A1-607A-4305-BA74-AF7D2D3344DE}" = King's Bounty - Wojownicza Księżniczka
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall
"{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0}" = SETTLERS - Dziedzictwo Królów - Złota edycja
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control Center Graphics Full Existing
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom BETA
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish
"{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All
"{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish
"{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}" = Overlord II - DEMO
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims? 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB38FA94-F36F-44EA-B5B0-177EF8C6C51E}" = Planescape Torment
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Kreator bohaterów do gry Dragon Age: Początek
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean
"{e8513359-ce76-4a4f-b019-25a00384432d}" = Nero 9 Essentials
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ALLPlayer_is1" = ALLPlayer V4.X
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne
"Ceville" = Ceville
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"Company of Heroes" = Company of Heroes
"Dark Sector/PL-Polish_is1" = Dark Sector
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drakensang_is1" = Drakensang
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Frets on Fire - Alarian mod 2.7" = Frets on Fire - Alarian mod 2.7
"Gadu-Gadu" = Gadu-Gadu 7.6
"HD Tune_is1" = HD Tune 2.55
"Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete
"HijackThis" = HijackThis 2.0.2
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy1.0" = Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Sins of a Solar Empire" = Sins of a Solar Empire
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 33310" = R.U.S.E. Beta
"VLC media player" = VLC media player 0.9.8a
"Vtune ATI_is1" = Vtune ATI 4.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.97.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NHCmod OF v1.4d" = NHCmod OF v1.4d

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2009-11-09 13:17:07 | Computer Name = DOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/suggest?hl=pl&sugexp=22533&pq=%22Monitor%20CRT%20strasznie%20intensywnie%20swieci...%22&q=monitor%20crt%20e&cp=13
failed, 0000A413.  

Error - 2009-11-10 11:01:10 | Computer Name = DOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl=pl&q=ri
failed, 0000A413.  

[ Application Events ]
Error - 2010-01-03 15:04:25 | Computer Name = DOME | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3623, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-01-03 16:30:32 | Computer Name = DOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd reliccoh.exe, wersja 2.601.0.169, moduł
powodujący błąd msvcr80.dll, wersja 8.0.50727.4053, adres błędu 0x0001500a.

Error - 2010-01-05 10:58:36 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated

Error - 2010-01-05 10:59:59 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated

Error - 2010-01-06 16:23:54 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-06 16:24:08 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-06 16:24:24 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-07 16:15:09 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-07 18:53:05 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands 1.01 Update -- This package will only update
the retail DVD version of Borderlands. If you purchased your copy from an online
digital distribution service that allowed you to download the product, then you
must receive updates from them.

Error - 2010-01-08 17:07:42 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands 1.01 Update -- This package will only update
the retail DVD version of Borderlands. If you purchased your copy from an online
digital distribution service that allowed you to download the product, then you
must receive updates from them.

[ System Events ]
Error - 2010-04-05 16:36:53 | Computer Name = DOME | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd ?%1084? podczas próby uruchomienia usługi
EventSystem z argumentami ??  w celu uruchomienia serwera:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu:   %%31

Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu:   %%31

Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi Środowisko obsługi sieci
AFD, której nie można uruchomić z powodu następującego błędu:   %%31

Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu:   %%31

Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:   Aavmker4  AFD  appdrv01  aswSP  aswTdi  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error - 2010-04-05 18:53:35 | Computer Name = DOME | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd ?%1084? podczas próby uruchomienia usługi
EventSystem z argumentami ??  w celu uruchomienia serwera:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-04-05 18:55:00 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2

Error - 2010-04-06 04:04:25 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2

Error - 2010-04-06 11:08:28 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2


< End of report >

I tried running GMER, but when I try to save the log it freezes :/


Also post a GMER log, but first uninstall all drive-emulation programs and remove the SPTD driver using this program.

In OTL, under Custom Scans/Fixes, paste the following:

:Processes
killallprocesses

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor="
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

:Files
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml
C:\AUTOEXEC.BAT
D:\WINDOWS\tasks\PCConfidential.job

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum.

Then generate and post fresh OTL logs, made the same way as before.


OTL log after this operation:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.3.1.313 removed from extensions.enabledItems
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
D:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\logs folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\defaults folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\datastore folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp\skin.Sun-28-Feb-2010-14-37-39-GMT folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-28-Feb-2010-22-05-26-GMT folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml moved successfully.
C:\AUTOEXEC.BAT moved successfully.
D:\WINDOWS\tasks\PCConfidential.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1717811 bytes
->Temporary Internet Files folder emptied: 8067519 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34878882 bytes
->Flash cache emptied: 43928 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 740012 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196608 bytes
RecycleBin emptied: 65670 bytes

Total Files Cleaned = 44,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04062010_235437

Files\Folders moved on Reboot...
File move failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. D:\WINDOWS\temp\Perflib_Perfdata_6d0.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL log

OTL logfile created on: 2010-04-07 19:00:56 - Run 5
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,95 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-04-03 02:07:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-03-30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010-03-26 21:00:44 | 003,250,576 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-21 22:33:41 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-07-08 09:31:40 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009-03-09 17:49:18 | 000,037,888 | ---- | M] () -- D:\Program Files\Winamp\winampa.exe
PRC - [2008-11-21 17:29:38 | 002,285,568 | ---- | M] () -- D:\Program Files\Vtune ATI\TBPANEL.exe
PRC - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () -- D:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007-02-08 15:17:58 | 002,240,512 | ---- | M] (Universal abit) -- D:\Program Files\abit\abit uGuru\AirPacewifi.exe
PRC - [2007-01-30 16:58:28 | 001,716,224 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-03-26 21:00:54 | 000,956,816 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_42127.dll
MOD - [2008-04-14 22:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-01-09 21:29:38 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- D:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-07 15:43:47 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010-01-09 21:29:39 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-21 16:29:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-02 21:27:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-14 09:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-12-21 16:26:48 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-12-18 12:30:08 | 000,556,832 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aw5006.sys -- (AR2425)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-03 02:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:07:39 | 000,000,000 | ---D | M]

[2009-07-20 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-04-07 16:36:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions
[2010-01-05 23:56:25 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-11-17 22:33:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\battlefieldheroespatcher@ea.com
[2010-04-07 18:58:10 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010-03-22 19:02:05 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-22 19:02:05 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-22 19:02:05 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-22 19:02:05 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-22 19:02:05 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-22 19:02:05 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AirPaceWifi] D:\Program Files\abit\abit uGuru\AirPaceWifi.exe (Universal abit)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST]  File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] D:\Program Files\Vtune ATI\TBPanel.exe ()
O4 - HKCU..\Run: [WeatherBugAlert] D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - Startup: D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-07 15:44:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-04-06 18:18:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder
[2010-04-05 22:29:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2010-04-05 22:25:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Inne
[2010-04-05 22:21:38 | 000,000,000 | ---D | C] -- D:\Program Files\HD Tune
[2010-04-05 17:08:56 | 000,000,000 | ---D | C] -- D:\_OTL
[2010-04-04 20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\Alcmtr.exe
[2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit
[2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb
[2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi
[2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM
[2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang
[2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire
[2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-07 19:01:57 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-04-07 15:44:20 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010-04-07 15:44:19 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job
[2010-04-07 15:43:47 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010-04-07 15:43:33 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-04-07 15:43:29 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-04-07 07:33:06 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-07 07:33:06 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010-04-06 18:20:23 | 001,079,334 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 10:43:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-06 01:50:44 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-04-01 14:39:56 | 000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini
[2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-06 18:20:23 | 001,079,334 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 01:50:44 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx
[2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt
[2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
[2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini
[2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-22 13:42:46 | 000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI
[2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-08-02 13:15:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock
[2010-03-27 19:38:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-01-28 22:30:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009-10-03 11:56:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Dark Sector
[2009-11-18 17:04:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Disney Interactive Studios
[2009-08-19 19:54:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire
[2009-10-12 15:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\GetRightToGo
[2010-02-05 20:09:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-02-28 10:46:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\ManyCam
[2010-03-01 20:59:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
[2009-08-04 00:28:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly
[2010-03-14 14:31:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2010-03-01 22:03:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\XnView
[2009-11-23 16:49:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-08-21 23:55:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-06-29 18:44:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2009-12-29 22:16:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Universal abit
[2010-02-24 22:44:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2009-10-12 16:11:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\WinZip
[2009-09-05 21:20:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\{FD71DB76-A64B-4A16-BD57-1CC61B92D082}
[2010-04-07 15:44:20 | 000,000,434 | ---- | M] () -- D:\WINDOWS\Tasks\RegPowerClean.job
[2010-04-07 15:44:19 | 000,000,420 | ---- | M] () -- D:\WINDOWS\Tasks\RPCReminder.job
[2010-04-07 19:01:57 | 000,000,250 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation
< End of report >

Extras:

OTL Extras logfile created on: 2010-04-07 19:00:57 - Run 5
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,95 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Company of Heroes\RelicCOH.exe" = E:\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.)
"E:\Civilization\Civilization4.exe" = E:\Civilization\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\Civilization\Warlords\Civ4Warlords.exe" = E:\Civilization\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe" = E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"D:\Program Files\Electronic Arts\EADM\Core.exe" = D:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- File not found
"E:\Mass Effect\Binaries\MassEffect.exe" = E:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"E:\Mass Effect\MassEffectLauncher.exe" = E:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"E:\World in Conflict\wic.exe" = E:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment)
"E:\World in Conflict\wic_online.exe" = E:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Tylko online -- (Massive Entertainment)
"E:\World in Conflict\wic_ds.exe" = E:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serwer -- ()
"E:\Company of Heroes\RelicDownloader\RelicDownloader.exe" = E:\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"E:\CoD 4\iw3mp.exe" = E:\CoD 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"E:\X-Men Wolverine\Binaries\Wolverine.exe" = E:\X-Men Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software)
"E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe" = E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek -- (BioWare)
"E:\Dragon Age KB\DAOriginsLauncher.exe" = E:\Dragon Age KB\DAOriginsLauncher.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek Program startowy -- (BioWare)
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"E:\OF Dragon Rising Demo\OFDR Demo.exe" = E:\OF Dragon Rising Demo\OFDR Demo.exe:*:Enabled:OF Dragon Rising Demo -- (Codemasters Software Company Limited)
"E:\Dragon Age\bin_ship\daorigins.exe" = E:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare)
"E:\Dragon Age\DAOriginsLauncher.exe" = E:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare)
"E:\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"E:\CoD WaW\CoDWaW.exe" = E:\CoD WaW\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)  -- (Activision Blizzard, Inc.)
"E:\CoD WaW\CoDWaWmp.exe" = E:\CoD WaW\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)  -- (Activision Blizzard, Inc.)
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library -- (Ubisoft)
"E:\Steam\SteamApps\common\fear2\FEAR2.exe" = E:\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"E:\Mass Effect 2\Binaries\MassEffect2.exe" = E:\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Gra -- (BioWare)
"E:\Mass Effect 2\MassEffect2Launcher.exe" = E:\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Program startowy -- (BioWare)
"E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe" = E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe" = E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe" = E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"E:\Burnout Paradise\BurnoutLauncher.exe" = E:\Burnout Paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\Burnout Paradise\BurnoutConfigTool.exe" = E:\Burnout Paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\Burnout Paradise\BurnoutParadise.exe" = E:\Burnout Paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"E:\ Civilization IV Colonization\Colonization.exe" = E:\ Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
"E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = abit AirPace Wi-Fi
"{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest
"{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype? 4.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional
"{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish
"{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish
"{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3624A532-D480-4043-84C8-114AAA0BED1D}" = Gears of War
"{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends
"{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3D52783B-BDF6-4596-8C24-439306CE884D}" = abit AirPace Wi-Fi
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish
"{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek
"{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian
"{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese
"{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo
"{4F94C716-D33A-4AC4-AB3C-93D7FA5975A0}" = King's Bounty - Wojownicza Księżniczka DEMO
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static
"{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo
"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{756AB9A1-607A-4305-BA74-AF7D2D3344DE}" = King's Bounty - Wojownicza Księżniczka
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall
"{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0}" = SETTLERS - Dziedzictwo Królów - Złota edycja
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control Center Graphics Full Existing
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom BETA
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish
"{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All
"{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish
"{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}" = Overlord II - DEMO
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims? 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB38FA94-F36F-44EA-B5B0-177EF8C6C51E}" = Planescape Torment
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Kreator bohaterów do gry Dragon Age: Początek
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean
"{e8513359-ce76-4a4f-b019-25a00384432d}" = Nero 9 Essentials
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ALLPlayer_is1" = ALLPlayer V4.X
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne
"Ceville" = Ceville
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"Company of Heroes" = Company of Heroes
"Dark Sector/PL-Polish_is1" = Dark Sector
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Drakensang_is1" = Drakensang
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Frets on Fire - Alarian mod 2.7" = Frets on Fire - Alarian mod 2.7
"Gadu-Gadu" = Gadu-Gadu 7.6
"HD Tune_is1" = HD Tune 2.55
"Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete
"HijackThis" = HijackThis 2.0.2
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy1.0" = Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Sins of a Solar Empire" = Sins of a Solar Empire
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 33310" = R.U.S.E. Beta
"VLC media player" = VLC media player 0.9.8a
"Vtune ATI_is1" = Vtune ATI 4.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.97.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NHCmod OF v1.4d" = NHCmod OF v1.4d

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2009-11-09 13:17:07 | Computer Name = DOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/suggest?hl=pl&sugexp=22533&pq=%22Monitor%20CRT%20strasznie%20intensywnie%20swieci...%22&q=monitor%20crt%20e&cp=13
failed, 0000A413.  

Error - 2009-11-10 11:01:10 | Computer Name = DOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl=pl&q=ri
failed, 0000A413.  

[ Application Events ]
Error - 2010-01-05 10:59:59 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated

Error - 2010-01-06 16:23:54 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-06 16:24:08 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-06 16:24:24 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-07 16:15:09 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands -- This package will only update the retail DVD
version of Borderlands. If you purchased your copy from an online digital distribution
service that allowed you to download the product, then you must receive updates
from them.

Error - 2010-01-07 18:53:05 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands 1.01 Update -- This package will only update
the retail DVD version of Borderlands. If you purchased your copy from an online
digital distribution service that allowed you to download the product, then you
must receive updates from them.

Error - 2010-01-08 17:07:42 | Computer Name = DOME | Source = MsiInstaller | ID = 1013
Description = Product: Borderlands 1.01 Update -- This package will only update
the retail DVD version of Borderlands. If you purchased your copy from an online
digital distribution service that allowed you to download the product, then you
must receive updates from them.

Error - 2010-01-20 07:59:31 | Computer Name = DOME | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.  

Error - 2010-01-20 07:59:31 | Computer Name = DOME | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.  

Error - 2010-01-20 12:26:05 | Computer Name = DOME | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca kb.exe, wersja 0.0.0.0, moduł zawieszenia hungapp,
wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa ES lite Service for program management. niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa PnkBstrB niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa StarWind AE Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034
Description = Usługa LogMeIn Hamachi 2.0 Tunneling Engine niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2010-04-06 17:55:53 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2

Error - 2010-04-07 01:09:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2

Error - 2010-04-07 09:43:55 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu:   %%2


< End of report >

and GMER (it worked on the fourth attempt, but on the previous attempts I also had all the drive-emulation programs and the SPTD drivers removed...)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 18:58:03
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwClose [0xABD256B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwCreateKey [0xABD25574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwDeleteValueKey [0xABD25A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwDuplicateObject [0xABD2514C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwOpenKey [0xABD2564E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwOpenProcess [0xABD2508C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwOpenThread [0xABD250F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwQueryValueKey [0xABD2576E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwRestoreKey [0xABD2572E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                 ZwSetValueKey [0xABD258AE]

---- Kernel code sections - GMER 1.0.15 ----

.text           D:\WINDOWS\System32\DRIVERS\ati2mtag.sys                                                                              section is writeable [0xB9C2C000, 0x1B85E6, 0xE8000020]
.text           D:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xA9254300, 0x3B6D8, 0xE8000020]
.text           D:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xBABB0300, 0x1BEE, 0xE8000020]
pnidata         D:\WINDOWS\system32\drivers\SECDRV.SYS                                                                                unknown last section [0xA90EDF00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text           D:\Program Files\Xfire\Xfire.exe[2540] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 035A05B7 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] kernel32.dll!CreateThread                                                      7C8106C7 5 Bytes  JMP 0359FF5B D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] GDI32.dll!BitBlt                                                               77F16F79 5 Bytes  JMP 0359F9D3 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!ReleaseDC                                                           7E36869D 5 Bytes  JMP 0359F938 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!GetDC                                                               7E3686C7 5 Bytes  JMP 0359F8A4 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!CreateDialogParamW                                                  7E36EA3B 5 Bytes  JMP 035A00A6 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetForegroundWindow                                                 7E3742ED 5 Bytes  JMP 035A01F4 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!DialogBoxParamW                                                     7E3747AB 5 Bytes  JMP 035A0002 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!InvalidateRect                                                      7E378FD5 5 Bytes  JMP 0359FB1B D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!BeginPaint                                                          7E378FE9 5 Bytes  JMP 0359F810 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!GetCursorPos                                                        7E37974E 5 Bytes  JMP 0359FCEF D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!WindowFromPoint                                                     7E379766 5 Bytes  JMP 0359FD87 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!RedrawWindow                                                        7E379944 5 Bytes  JMP 0359FE22 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetWindowPos                                                        7E3799F3 5 Bytes  JMP 035A014A D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!IsWindowVisible                                                     7E379E3D 7 Bytes  JMP 035A0345 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetFocus                                                            7E37B112 5 Bytes  JMP 0359FA83 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetCapture                                                          7E37C35E 5 Bytes  JMP 0359FC57 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!InvalidateRgn                                                       7E37CDFE 5 Bytes  JMP 0359FBB9 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!CreateWindowExW                                                     7E37D0A3 5 Bytes  JMP 035A028C D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!RegisterClassA                                                      7E37EA5E 5 Bytes  JMP 0359FEC3 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)
.text           D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!TrackPopupMenu                                                      7E3B531E 5 Bytes  JMP 035A050D D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]          003D0002
IAT             D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                              aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                             aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   D:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xD0 0x24 0xF0 0x5D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x9B 0x42 0xF0 0x56 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x74 0xD4 0x14 0x4C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       D:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xD0 0x24 0xF0 0x5D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x9B 0x42 0xF0 0x56 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x74 0xD4 0x14 0x4C ...

---- EOF - GMER 1.0.15 ----


and GMER (it worked on the fourth attempt, but on the previous attempts I also had all the drive-emulation programs and the SPTD drivers removed...)

From the logs it looks to me like Alcohol is still present in the system. Apart from that, the logs look clean. A lot of errors are being reported by Borderlands and Avast. I suggest reinstalling the former and replacing Avast with something else. After doing that, let me know whether the problems still occur.

Also check in Task Manager whether something is putting a heavy load on the computer.

And update IE to version 8. This is mandatory, even if you don't use IE.


Sorry, Alcohol 52 is there after all, but I can't remove it :/. "Add or Remove Programs" doesn't show Alcohol 52 as installed at all, and when I click the 'uninst' file (in the folder where Alcohol is installed) I get the error "setup is unable to validate instalation", while when I try to launch it I get "Załadowanie sterowników Alcohol nie powiodło sie! Opcje emulacji i domyślny interfejs kontroli urządzeń nie będą dostępne" [English: "Loading the Alcohol drivers failed! Emulation options and the default device control interface will not be available"]

Same with Borderlands: it isn't in "Add or Remove Programs", and the folder where it is installed contains no "uninstal" file. Besides that, I turned the computer on a moment ago and this popped up: screen...

In Task Manager nothing is loading the computer. I'm updating IE.

Which antivirus should I replace Avast with?

Oh, and I still have no sound... I tried reinstalling the drivers, but it didn't help :/


I recommend Comodo Internet Security. From my observations, it is more effective. As for the screen that popped up, that is odd, because Winferno Registry Power Cleaner is an ordinary registry-cleaning program.

Try scanning the computer with the Dr.Web LiveCD disc. Usage instructions are in the link. If it finds nothing, I would lean towards the system being clean but damaged. If that turns out to be the case, we will try to repair it.

The lack of sound may be a sign that something is wrong with the drivers, but it may be possible to fix that fairly easily.
