SzydlaK, posted April 1, 2010
Hello. I have a problem with the Win32:Malware virus. A few days ago, after I started the computer and logged in to my user account, everything froze for about 10 minutes; after that most things worked, but avast detected a lot of Win32:Malware viruses. I deleted some of them and moved the rest to quarantine (screenshot). After restarting the computer there was no sound (I probably deleted infected drivers(?)). I ran a full scan with Malwarebytes' Anti-Malware, which detected a lot of adware and a trojan; I removed most of them, but a few could not be removed. I am attaching logs from RSIT and OTL and 2 logs from the Malwarebytes' Anti-Malware scans. Please help.
Attachments: log.txt, OTL.Txt, mbam_log_2010_04_01__11_56_33_.txt, mbam_log_2010_04_01__13_45_04_.txt
Sevard, posted April 1, 2010
The logs currently look clean. To be sure, also scan the computer with Dr.Web CureIt! and post a log from GMER. Is anything else strange happening with the system?
SzydlaK, posted April 1, 2010
Yes. After a restart and login the computer freezes for ~10 min. When I boot in safe mode everything is OK. Could you tell me how to make GMER logs?
Sevard, posted April 1, 2010
Take a look here.
SzydlaK, posted April 1, 2010
Unfortunately I could not attach the GMER log as an attachment: "Upload failed. You do not have permission to upload files with this extension".
I ran the Dr.Web CureIt! scan; it found nothing. But after logging in the computer still runs for a minute, then everything freezes and I have to wait -.- .. I have a question: what should I do with the files that are in quarantine?
SzydlaK, posted April 4, 2010
Does nobody know how to help?
Sevard, posted April 4, 2010
Sorry, I missed this thread.
Check the file D:\Windows\System32\Drivers\a341e5t1.SYS on VirusTotal and paste the link to the scan results here.
Paste the contents of the file D:\WINDOWS\System32\fjhdyfhsn.bat on the forum.
You can leave the files in quarantine or delete them, as you see fit.
Run OTL and paste the following into the Custom scans/fixes box:

    :Files
    D:\Documents and Settings\LocalService\Dane aplikacji\jasltw.dat
    D:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat
    :Commands
    [emptytemp]

Paste the resulting log on the forum, then run a new scan with OTL and paste the log that it generates.
Also, at the command prompt type the command tasklist /svc and paste what it returns on the forum.
SzydlaK, posted April 5, 2010
OK, so:
- I don't have the file a341e4t1.sys :|
- how do I open this file (fjhdyfhsn.bat)? After double-clicking, a console appears for less than a second with the message (what I managed to read) "Nie można otworzyć pliku D:\Program Files\...\Internet Explorer..."
- after pasting into Custom scan/fixes, what do I do to get a log?
- After typing that command I got this:

    D:\Documents and Settings\Administrator>tasklist /svc

    Nazwa obrazu                 PID Usługi
    ========================= ====== =============================================
    System Idle Process            0 Brak
    System                         4 Brak
    smss.exe                     764 Brak
    csrss.exe                    828 Brak
    winlogon.exe                 860 Brak
    services.exe                 904 Eventlog, PlugPlay
    lsass.exe                    916 PolicyAgent, ProtectedStorage, SamSs
    ati2evxx.exe                1084 Ati HotKey Poller
    svchost.exe                 1100 DcomLaunch, TermService
    svchost.exe                 1172 RpcSs
    svchost.exe                 1324 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                     dmserver, ERSvc, EventSystem,
                                     FastUserSwitchingCompatibility, helpsvc,
                                     lanmanserver, lanmanworkstation, Netman,
                                     Nla, RasMan, Schedule, seclogon, SENS,
                                     SharedAccess, ShellHWDetection, srservice,
                                     TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                     wscsvc, wuauserv, WZCSVC
    svchost.exe                 1484 Dnscache
    svchost.exe                 1536 LmHosts, RemoteRegistry, SSDPSRV, WebClient
    aswUpdSv.exe                1688 aswUpdSv
    ati2evxx.exe                1716 Brak
    ashServ.exe                 1772 avast! Antivirus
    spoolsv.exe                  384 Spooler
    explorer.exe                 820 Brak
    winampa.exe                 1216 Brak
    jusched.exe                 1228 Brak
    ashDisp.exe                 1244 Brak
    GrooveMonitor.exe           1372 Brak
    AirPacewifi.exe             1392 Brak
    hamachi-2-ui.exe            1420 Brak
    essvr.exe                    664 ES lite Service
    RTHDCPL.exe                  724 Brak
    hamachi-2.exe                588 Hamachi2Svc
    jqs.exe                     1656 JavaQuickStarterService
    PnkBstrA.exe                1416 PnkBstrA
    TBPANEL.exe                 1520 Brak
    PnkBstrB.exe                1904 PnkBstrB
    gg.exe                      2116 Brak
    Skype.exe                   2136 Brak
    msmsgs.exe                  2184 Brak
    ctfmon.exe                  2232 Brak
    WeatherBugAlert.exe         2248 Brak
    Xfire.exe                   2268 Brak
    StarWindServiceAE.exe       2688 StarWindServiceAE
    ashMaiSv.exe                3144 avast! Mail Scanner
    ashWebSv.exe                3200 avast! Web Scanner
    wmiapsrv.exe                3820 WmiApSrv
    alg.exe                     2800 ALG
    skypePM.exe                 3516 Brak
    PresentationFontCache.exe   1644 FontCache3.0.0.0
    wscntfy.exe                 3208 Brak
    jucheck.exe                 2500 Brak
    wuauclt.exe                 3980 Brak
    gg.exe                      1592 Brak
    mirc.exe                     668 Brak
    firefox.exe                 1436 Brak
    OTL.exe                     3800 Brak
    wmiprvse.exe                3128 Brak
    cmd.exe                     4060 Brak
    tasklist.exe                 440 Brak

Sorry for all these questions, but I'm a complete newbie at this :P
Sevard, posted April 5, 2010
> OK, so:
> - I don't have the file a341e4t1.sys :|
So it's probably an Alcohol file.
> - how do I open this file (fjhdyfhsn.bat)? After double-clicking, a console appears for less than a second with the message (what I managed to read) "Nie można otworzyć pliku D:\Program Files\...\Internet Explorer..."
Open the file fjhdyfhsn.bat in Notepad (or something similar).
> - after pasting into Custom scan/fixes, what do I do to get a log?
Sorry, I forgot to mention it. Press Run Fix.
I don't see anything in the tasklist /svc output. After startup, open Task Manager, go to the Processes tab, sort by CPU usage and check whether something is eating up all the resources while the computer is stuttering. If something is using a lot of CPU time, write what it is.
SzydlaK, posted April 5, 2010
I opened this file in Notepad and got this:

    @echo off
    :try
    @del /F /Q "D:\Program Files\Internet Explorer\iexplore.exe"
    if exist "D:\Program Files\Internet Explorer\iexplore.exe" goto try

I pressed "Run Fix" as you told me, and after the system restarted Notepad opened with this:

    All processes killed
    ========== FILES ==========
    D:\Documents and Settings\LocalService\Dane aplikacji\jasltw.dat moved successfully.
    D:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1259348856 bytes
    ->Temporary Internet Files folder emptied: 7535338 bytes
    ->Java cache emptied: 40625802 bytes
    ->FireFox cache emptied: 76992989 bytes
    ->Flash cache emptied: 2312857 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 865487 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1676730 bytes
    %systemroot%\System32 .tmp files removed: 2596 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 36224 bytes
    Windows Temp folder emptied: 1167716 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1 326,00 mb

    OTL by OldTimer - Version 3.1.37.3 log created on 04052010_170856

    Files\Folders moved on Reboot...
    File move failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder D:\WINDOWS\temp\Perflib_Perfdata_6ec.dat not found!

    Registry entries deleted on Reboot...

Then I ran a scan with OTL:
[Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aw5006.sys -- (AR2425) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "MyWebSearch" FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor=" FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-03 02:07:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:07:39 | 000,000,000 | ---D | M] [2009-07-20 16:01:13 | 000,000,000 | ---D | M] 
-- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-04-05 01:04:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions [2010-01-05 23:56:25 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009-11-17 22:33:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\battlefieldheroespatcher@ea.com [2010-03-01 00:05:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com [2010-02-25 00:01:34 | 000,009,977 | ---- | M] () -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml [2010-04-05 17:30:30 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions [2010-03-22 19:02:05 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-22 19:02:05 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-22 19:02:05 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-22 19:02:05 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-22 19:02:05 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-22 19:02:05 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - D:\Program Files\Winferno\PC 
Confidential\PCCBHO.dll (Capital Intellect Inc) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [AirPaceWifi] D:\Program Files\abit\abit uGuru\AirPaceWifi.exe (Universal abit) O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [GEST] File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKCU..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) 
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [TBPanel] D:\Program Files\Vtune ATI\TBPanel.exe () O4 - HKCU..\Run: [WeatherBugAlert] D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies) O4 - Startup: D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - D:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 
1.6.0_14) O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-21 23:43:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003-10-21 16:05:32 | 000,000,039 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-05 17:11:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi [2010-04-05 17:08:56 | 000,000,000 | ---D | C] -- D:\_OTL [2010-04-05 15:34:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder (2) [2010-04-05 15:34:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder [2010-04-04 20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) 
-- D:\WINDOWS\Alcmtr.exe [2010-04-04 20:59:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\WDM_R154 [2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro [2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit [2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC [2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes [2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware [2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb [2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi [2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys [2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys [2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) 
-- D:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys [2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys [2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys [2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2 [2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2 [2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM [2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang [2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft [2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire [2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple [2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-05 17:10:53 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys [2010-04-05 
17:10:47 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job [2010-04-05 17:10:47 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job [2010-04-05 17:10:46 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job [2010-04-05 17:10:42 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010-04-05 17:10:38 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010-04-05 17:09:47 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT [2010-04-05 17:09:47 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini [2010-04-05 17:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini [2010-04-03 17:50:36 | 003,932,214 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\screen.bmp [2010-04-02 16:28:14 | 000,018,495 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\b7a9d29dea77c7226d05056516ceff47.jpg [2010-04-01 15:10:32 | 002,630,934 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\kwarantanna.bmp [2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI [2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat [2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2010-04-01 14:39:56 | 000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat [2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2010-04-01 01:13:05 | 000,000,703 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-31 20:45:20 | 000,052,174 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\logoostatnie.jpg [2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010-03-30 14:44:41 | 000,000,148 | ---- | M] () -- 
D:\WINDOWS\System32\fjhdyfhsn.bat [2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll [2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini [2010-03-15 00:06:58 | 000,123,358 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\iksde.JPG [2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx [2010-03-07 22:42:24 | 000,045,360 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\4a1058b13e5a50d3.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-03 17:50:36 | 003,932,214 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\screen.bmp [2010-04-02 16:28:13 | 000,018,495 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\b7a9d29dea77c7226d05056516ceff47.jpg [2010-04-01 15:10:32 | 002,630,934 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\kwarantanna.bmp [2010-04-01 01:13:05 | 000,000,703 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-31 20:45:20 | 000,052,174 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\logoostatnie.jpg [2010-03-30 14:44:41 | 000,000,148 | ---- | C] () -- 
D:\WINDOWS\System32\fjhdyfhsn.bat [2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll [2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-03-15 00:06:50 | 000,123,358 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\iksde.JPG [2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx [2010-03-07 22:42:23 | 000,045,360 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\4a1058b13e5a50d3.jpg [2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI [2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini [2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat [2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys [2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll [2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll [2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt [2009-06-29 18:29:49 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys [2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys [2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini [2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys [2009-06-22 13:42:46 | 
000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI [2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation < End of report >

I don't see anything in tasklist /svc. After startup, open Task Manager, go to the Processes tab, sort by CPU usage and check whether something is eating up all the resources while the computer is lagging. If something is using a lot of CPU time, write what it is.

Damn, this "lagging" isn't the "classic" kind where you can't do anything. I can move the mouse, and you can even see that some programs are working (e.g. xfire and other small programs from autostart launch), but when I try to hover over the taskbar the mouse cursor turns into an hourglass. If I click a program in the Quick Launch bar (while the cursor is an hourglass), it only starts after the computer "unfreezes". I didn't manage to open Task Manager before the "freeze".
Sevard Posted April 5, 2010
Delete the file mentioned at the beginning (fjhdyfhsn.bat). It's nothing good. I'll check the log shortly. Also post a screenshot of the Health tab from HDTune (if you manage to in time). PCConfidential can slow the system down, and in your place I would remove it. You can do that through Add/Remove Programs. Also post a log from SUPERAntispyware Free. First update the program and disable its automatic launch at system startup. Then run the scan in safe mode. No browser may be running during that time!
SzydlaK (Author) Posted April 5, 2010
I deleted the file, and PCConfidential too. Should the HDTune screenshot be taken while the computer is "lagging" or after it "unclogs"? If after, here is the screenshot. I ran a scan with SuperAntispyware. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/06/2010 at 00:51 AM
Application Version : 4.35.1002
Core Rules Database Version : 4771
Trace Rules Database Version: 2583
Scan type : Complete Scan
Total Scan Time : 01:06:02
Memory items scanned : 230
Memory threats detected : 0
Registry items scanned : 6039
Registry threats detected : 185
File items scanned : 23265
File threats detected : 72
Adware.Tracking Cookie
Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32 HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69} HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32 HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32 HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version 
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32 HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32 HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32 HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32 HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32 HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32 HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version 
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32 HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32 HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32 HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32 HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc 
Browser Hijacker.Internet Explorer Settings Hijack HKU\S-1-5-21-583907252-1965331169-839522115-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g ] Trojan.Agent/Gen-Nullo[Short] D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070328.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070329.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070330.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070331.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070332.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070333.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070334.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070335.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070336.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070337.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070338.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070339.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070340.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070341.SCR D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070343.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070344.SCR D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070345.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070346.DLL D:\SYSTEM VOLUME 
INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070347.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070348.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070349.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070350.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070351.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070352.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070353.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070354.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070355.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070356.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070357.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070358.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070369.EXE D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070371.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070372.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070373.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070374.DLL D:\SYSTEM VOLUME INFORMATION\_RESTORE{A2CDBCB3-5F70-453E-89F3-38D380FF7C9D}\RP309\A0070375.DLL Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Posted April 5, 2010
Disable System Restore and then re-enable it, because there is malware in the restore points. The disk needs to be watched, because it has 2 reallocated sectors. They supposedly shouldn't be the cause, but also post a screenshot of the Benchmark tab in HD Tune (just run the test first by clicking Start on that tab). Check whether there are any errors in Event Viewer (Control Panel > Administrative Tools > Event Viewer); if so, paste their contents on the forum.
SzydlaK (author) Posted April 6, 2010
"Disable System Restore and then re-enable it, because there is malware in the restore points."
I disabled it and re-enabled it.
"also post a screenshot of the Benchmark tab in HD Tune (just run the test first by clicking Start on that tab)."
Screenshot of the Benchmark tab from HDTune.
"Check whether there are any errors in Event Viewer (Control Panel > Administrative Tools > Event Viewer); if so, paste their contents on the forum."
There are, and plenty of them. Should I paste everything? I'm asking because there will be a lot of it :|.
Sevard Posted April 6, 2010
The benchmark doesn't look bad. Tomorrow I'll write up how to export the log from Event Viewer, so that you don't have to struggle with it by hand. If need be, remind me by sending a private message.
Sevard Posted April 6, 2010
I've sent you a PM explaining how to export the event log. Let's also look at the following: generate a new log with OTL, this time ticking the options Scan All Users, LOP Check and Purity Check. Also tick the Use Safelist option under Extra registry. Paste both generated logs. Post a GMER log as well, but first uninstall all drive-emulation programs and remove the SPTD driver using this program.
SzydlaK (author) Posted April 6, 2010
Here are the 2 logs from OTL. The first:
20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\Alcmtr.exe [2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro [2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit [2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC [2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes [2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware [2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb [2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi [2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys [2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys [2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) 
-- D:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys [2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys [2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys [2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2 [2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2 [2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM [2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang [2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft [2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire [2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple [2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-06 19:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job 
[2010-04-06 18:20:23 | 001,079,334 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar [2010-04-06 18:18:22 | 000,118,060 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt [2010-04-06 18:17:53 | 000,436,896 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt [2010-04-06 18:17:00 | 000,524,204 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt [2010-04-06 17:08:32 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job [2010-04-06 17:08:32 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job [2010-04-06 17:08:31 | 000,000,416 | ---- | M] () -- D:\WINDOWS\tasks\PCConfidential.job [2010-04-06 17:08:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys [2010-04-06 17:08:11 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010-04-06 17:08:07 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010-04-06 10:50:28 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT [2010-04-06 10:50:28 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini [2010-04-06 10:43:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010-04-06 01:50:44 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp [2010-04-05 22:29:42 | 000,000,787 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk [2010-04-05 22:25:34 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp [2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini [2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI [2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat [2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2010-04-01 14:39:56 | 
000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat [2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll [2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini [2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-06 18:20:23 | 001,079,334 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar [2010-04-06 18:18:22 | 000,118,060 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt [2010-04-06 18:17:53 | 000,436,896 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt [2010-04-06 18:17:00 | 000,524,204 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt [2010-04-06 01:50:44 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp [2010-04-05 22:29:42 | 000,000,787 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk 
[2010-04-05 22:25:34 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp [2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll [2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx [2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI [2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini [2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat [2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys [2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll [2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll [2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt [2009-06-29 18:29:49 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys [2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys [2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini [2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys [2009-06-22 13:42:46 | 000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI [2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia 
lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll [color=#E56717]========== LOP Check ==========[/color] [2009-08-02 13:15:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock [2010-03-27 19:38:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2 [2010-01-28 22:30:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1 [2009-10-03 11:56:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Dark Sector [2009-11-18 17:04:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Disney Interactive Studios [2009-08-19 19:54:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire [2009-10-12 15:47:51 | 000,000,000 | ---D | M] -- D:\Documents and 
Settings\Administrator\Dane aplikacji\GetRightToGo [2010-02-05 20:09:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010-02-28 10:46:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\ManyCam [2010-03-01 20:59:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Notepad++ [2009-08-04 00:28:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly [2010-03-14 14:31:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft [2010-03-01 22:03:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\XnView [2009-11-23 16:49:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BioWare [2009-08-21 23:55:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2009-06-29 18:44:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Fallout3 [2009-12-29 22:16:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Universal abit [2010-02-24 22:44:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Winferno [2009-10-12 16:11:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\WinZip [2009-09-05 21:20:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\{FD71DB76-A64B-4A16-BD57-1CC61B92D082} [2010-04-06 17:08:31 | 000,000,416 | ---- | M] () -- D:\WINDOWS\Tasks\PCConfidential.job [2010-04-06 17:08:32 | 000,000,434 | ---- | M] () -- D:\WINDOWS\Tasks\RegPowerClean.job [2010-04-06 17:08:32 | 000,000,420 | ---- | M] () -- D:\WINDOWS\Tasks\RPCReminder.job [2010-04-06 19:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== 
Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation < End of report >
and the second one:
OTL Extras logfile created on: 2010-04-06 19:06:41 - Run 4 OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 6,01 Gb Free Space | 15,39% Space Free | Partition Type: NTFS Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS Drive G: | 1,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOME Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Browse with XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher "8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher "6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher "6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher "8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher "8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher "6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher "6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher "6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher "6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher "6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher "6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Company of Heroes\RelicCOH.exe" = E:\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.) "E:\Civilization\Civilization4.exe" = E:\Civilization\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "E:\Civilization\Warlords\Civ4Warlords.exe" = E:\Civilization\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games) "E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe" = E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games) "D:\Program Files\Electronic Arts\EADM\Core.exe" = D:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- File not found "E:\Mass Effect\Binaries\MassEffect.exe" = E:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare) "E:\Mass Effect\MassEffectLauncher.exe" = E:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare) "E:\World in Conflict\wic.exe" = E:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment) "E:\World in Conflict\wic_online.exe" = E:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Tylko online -- (Massive Entertainment) "E:\World in Conflict\wic_ds.exe" = E:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serwer -- () "E:\Company of Heroes\RelicDownloader\RelicDownloader.exe" = E:\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.) 
"E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games) "E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games) "E:\CoD 4\iw3mp.exe" = E:\CoD 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "E:\X-Men Wolverine\Binaries\Wolverine.exe" = E:\X-Men Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software) "E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games) "E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe" = E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek -- (BioWare) "E:\Dragon Age KB\DAOriginsLauncher.exe" = E:\Dragon Age KB\DAOriginsLauncher.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek Program startowy -- (BioWare) "E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- () "E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) -- () "E:\OF Dragon Rising Demo\OFDR Demo.exe" = E:\OF Dragon Rising Demo\OFDR Demo.exe:*:Enabled:OF Dragon Rising Demo -- (Codemasters Software Company Limited) "E:\Dragon Age\bin_ship\daorigins.exe" = E:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare) "E:\Dragon Age\DAOriginsLauncher.exe" = E:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare) "E:\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare) "D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "E:\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd) "E:\CoD WaW\CoDWaW.exe" = E:\CoD WaW\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.) "E:\CoD WaW\CoDWaWmp.exe" = E:\CoD WaW\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.) 
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library -- (Ubisoft) "E:\Steam\SteamApps\common\fear2\FEAR2.exe" = E:\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.) "E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "E:\Mass Effect 2\Binaries\MassEffect2.exe" = E:\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Gra -- (BioWare) "E:\Mass Effect 2\MassEffect2Launcher.exe" = E:\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Program startowy -- (BioWare) "E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe" = E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- () "E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe" = E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe" = E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG) "E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) 
"E:\Burnout Paradise\BurnoutLauncher.exe" = E:\Burnout Paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\Burnout Paradise\BurnoutConfigTool.exe" = E:\Burnout Paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\Burnout Paradise\BurnoutParadise.exe" = E:\Burnout Paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\ Civilization IV Colonization\Colonization.exe" = E:\ Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games) "E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software) "E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games) "E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. 
Beta -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1 "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = abit AirPace Wi-Fi "{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest "{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype? 
4.0 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional "{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish "{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish "{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3624A532-D480-4043-84C8-114AAA0BED1D}" = Gears of War "{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends "{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English "{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader "{3D52783B-BDF6-4596-8C24-439306CE884D}" = abit AirPace Wi-Fi "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish "{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek "{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian "{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese "{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo "{4F94C716-D33A-4AC4-AB3C-93D7FA5975A0}" = King's Bounty - Wojownicza Księżniczka DEMO "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI 
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static "{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo "{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{756AB9A1-607A-4305-BA74-AF7D2D3344DE}" = King's Bounty - Wojownicza Księżniczka "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R) "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall "{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch 
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0}" = SETTLERS - Dziedzictwo Królów - Złota edycja "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control 
Center Graphics Full Existing "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom BETA "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech "{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish "{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All "{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish "{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}" = Overlord II - DEMO "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims? 
3 "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB38FA94-F36F-44EA-B5B0-177EF8C6C51E}" = Planescape Torment "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Kreator bohaterów do gry Dragon Age: Początek "{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean "{e8513359-ce76-4a4f-b019-25a00384432d}" = Nero 9 Essentials "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization 
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai "{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI "ALLPlayer_is1" = ALLPlayer V4.X "ATI Display Driver" = ATI Display Driver "avast!" = avast! Antivirus "Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne "Ceville" = Ceville "com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader "Company of Heroes" = Company of Heroes "Dark Sector/PL-Polish_is1" = Dark Sector "Digsby" = Digsby "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Drakensang_is1" = Drakensang "ENTERPRISER" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Frets on Fire - Alarian mod 2.7" = Frets on Fire - Alarian mod 2.7 "Gadu-Gadu" = Gadu-Gadu 7.6 "HD Tune_is1" = HD Tune 2.55 "Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete "HijackThis" = HijackThis 2.0.2 "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch 
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM) "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy1.0" = Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.9.0 "RegPowerClean_is1" = Winferno Registry Power Cleaner "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl "Sins of a Solar Empire" = Sins of a Solar Empire "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 10500" = Empire: Total War "Steam App 15620" = Warhammer 40,000: Dawn of War II "Steam App 16450" = F.E.A.R. 2: Project Origin "Steam App 33310" = R.U.S.E. 
Beta "VLC media player" = VLC media player 0.9.8a "Vtune ATI_is1" = Vtune ATI 4.1 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "XnView_is1" = XnView 1.97.2 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NHCmod OF v1.4d" = NHCmod OF v1.4d [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 2009-11-09 13:17:07 | Computer Name = DOME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.pl/suggest?hl=pl&sugexp=22533&pq=%22Monitor%20CRT%20strasznie%20intensywnie%20swieci...%22&q=monitor%20crt%20e&cp=13 failed, 0000A413. Error - 2009-11-10 11:01:10 | Computer Name = DOME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl=pl&q=ri failed, 0000A413. [ Application Events ] Error - 2010-01-03 15:04:25 | Computer Name = DOME | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3623, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-01-03 16:30:32 | Computer Name = DOME | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd reliccoh.exe, wersja 2.601.0.169, moduł powodujący błąd msvcr80.dll, wersja 8.0.50727.4053, adres błędu 0x0001500a. 
Error - 2010-01-05 10:58:36 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated Error - 2010-01-05 10:59:59 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated Error - 2010-01-06 16:23:54 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-06 16:24:08 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-06 16:24:24 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-07 16:15:09 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-07 18:53:05 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands 1.01 Update -- This package will only update the retail DVD version of Borderlands. 
If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-08 17:07:42 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands 1.01 Update -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. [ System Events ] Error - 2010-04-05 16:36:53 | Computer Name = DOME | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd ?%1084? podczas próby uruchomienia usługi EventSystem z argumentami ?? w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi Środowisko obsługi sieci AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-04-05 16:37:33 | Computer Name = DOME | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AFD appdrv01 aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS 
NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
Error - 2010-04-05 18:53:35 | Computer Name = DOME | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd ?%1084? podczas próby uruchomienia usługi EventSystem z argumentami ?? w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2010-04-05 18:55:00 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2
Error - 2010-04-06 04:04:25 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2
Error - 2010-04-06 11:08:28 | Computer Name = DOME | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2

< End of report >

I tried running GMER, but when I try to save the log it freezes.
Sevard, posted April 6, 2010

Post a GMER log as well, but first uninstall all drive-emulation programs and remove the SPTD driver using this program. In Custom Scans/Fixes in OTL, paste the following:

:Processes
killallprocesses
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor="
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: D:\Program Files\MyWebSearch\bar\1.bin File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
:Files
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml
C:\AUTOEXEC.BAT
D:\WINDOWS\tasks\PCConfidential.job
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum. Then generate and post fresh OTL logs, made the same way as before.
SzydlaK (author), posted April 7, 2010

OTL log after this operation:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://home.mywebsearch.com/index.jhtml?ptnrS=ZJfox000&ptb=emELoftAk.ioeH.I6Xjq5g" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.3.1.313 removed from extensions.enabledItems
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=emELoftAk.ioeH.I6Xjq5g&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce8210&searchfor=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
D:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\logs folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\defaults folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\datastore folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp\skin.Sun-28-Feb-2010-14-37-39-GMT folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-28-Feb-2010-22-05-26-GMT folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com\chrome folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\toolbar@ask.com folder moved successfully.
D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\searchplugins\mywebsearch.xml moved successfully.
C:\AUTOEXEC.BAT moved successfully.
D:\WINDOWS\tasks\PCConfidential.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1717811 bytes
->Temporary Internet Files folder emptied: 8067519 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34878882 bytes
->Flash cache emptied: 43928 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 740012 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196608 bytes
RecycleBin emptied: 65670 bytes

Total Files Cleaned = 44,00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 04062010_235437

Files\Folders moved on Reboot...
File move failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. D:\WINDOWS\temp\Perflib_Perfdata_6d0.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
OTL log:

OTL logfile created on: 2010-04-07 19:00:56 - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,95 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-04-03 02:07:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-03-30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.)
-- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010-03-26 21:00:44 | 003,250,576 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-21 22:33:41 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-07-08 09:31:40 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2009-03-09 17:49:18 | 000,037,888 | ---- | M] () -- D:\Program Files\Winamp\winampa.exe
PRC - [2008-11-21 17:29:38 | 002,285,568 | ---- | M] () -- D:\Program Files\Vtune ATI\TBPANEL.exe
PRC - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () -- D:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007-02-08 15:17:58 | 002,240,512 | ---- | M] (Universal abit) -- D:\Program Files\abit\abit uGuru\AirPacewifi.exe
PRC - [2007-01-30 16:58:28 | 001,716,224 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-04-01 15:35:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-03-26 21:00:54 | 000,956,816 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_42127.dll
MOD - [2008-04-14 22:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-01-09 21:29:38 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- D:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-17 13:21:34 | 000,080,392 | ---- | M] () [Auto | Running] -- D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-07 15:43:47 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010-01-09 21:29:39 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-21 16:29:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-02 21:27:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-14 09:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-01-14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-12-21 16:26:48 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-12-18 12:30:08 | 000,556,832 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aw5006.sys -- (AR2425)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-03 02:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:07:39 | 000,000,000 | ---D | M]
[2009-07-20 16:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-04-07 16:36:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions
[2010-01-05 23:56:25 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-11-17 22:33:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y79sh68e.default\extensions\battlefieldheroespatcher@ea.com
[2010-04-07 18:58:10 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010-03-22 19:02:05 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-22 19:02:05 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-22 19:02:05 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-22 19:02:05 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-22 19:02:05 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-22 19:02:05 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AirPaceWifi] D:\Program Files\abit\abit uGuru\AirPaceWifi.exe (Universal abit)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [RGSC] E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [Steam] e:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] D:\Program Files\Vtune ATI\TBPanel.exe ()
O4 - HKCU..\Run: [WeatherBugAlert] D:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - Startup: D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://D:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-07 15:44:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-04-06 18:18:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Nowy folder
[2010-04-05 22:29:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
[2010-04-05 22:29:38 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2010-04-05 22:25:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Pulpit\Inne
[2010-04-05 22:21:38 | 000,000,000 | ---D | C] -- D:\Program Files\HD Tune
[2010-04-05 17:08:56 | 000,000,000 | ---D | C] -- D:\_OTL
[2010-04-04 20:59:43 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- D:\WINDOWS\Alcmtr.exe
[2010-04-01 14:35:15 | 000,000,000 | ---D | C] -- D:\Program Files\trend micro
[2010-04-01 14:35:14 | 000,000,000 | ---D | C] -- D:\rsit
[2010-04-01 14:29:54 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010-04-01 01:13:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-01 01:13:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-04-01 01:13:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-01 01:13:00 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010-04-01 00:42:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\DoctorWeb
[2010-03-30 14:43:40 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn Hamachi
[2010-03-29 14:00:41 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- D:\WINDOWS\System32\hamachi.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-03-26 21:42:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-03-26 21:40:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\changer.sys
[2010-03-26 21:39:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Bioshock2
[2010-03-24 19:57:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-03-24 19:56:37 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM
[2010-03-16 16:52:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Moje dokumenty\Drakensang
[2010-03-14 14:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-11-22 13:02:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Xfire
[2009-09-08 10:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2009-07-20 16:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2009-06-22 13:39:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-22 13:37:28 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-06-22 13:06:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-07 19:01:57 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-04-07 15:44:20 | 000,000,434 | ---- | M] () -- D:\WINDOWS\tasks\RegPowerClean.job
[2010-04-07 15:44:19 | 000,000,420 | ---- | M] () -- D:\WINDOWS\tasks\RPCReminder.job
[2010-04-07 15:43:47 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010-04-07 15:43:33 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-04-07 15:43:29 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-04-07 07:33:06 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-07 07:33:06 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010-04-06 18:20:23 | 001,079,334 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 10:43:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-06 01:50:44 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-04-04 19:53:36 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010-04-01 14:39:56 | 001,096,320 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-01 14:39:56 | 000,493,976 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-04-01 14:39:56 | 000,435,396 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-04-01 14:39:56 | 000,085,136 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-04-01 14:39:56 | 000,068,292 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-03-31 16:35:40 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-25 16:06:15 | 000,069,232 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-25 16:04:22 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-20 15:29:20 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010-03-17 19:56:32 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-16 20:12:57 | 000,000,583 | ---- | M] () -- D:\WINDOWS\win.ini
[2010-03-09 18:44:07 | 000,012,150 | ---- | M] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-06 18:20:23 | 001,079,334 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Bledy.rar
[2010-04-06 18:18:22 | 000,118,060 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Antivirus.evt
[2010-04-06 18:17:53 | 000,436,896 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\Aplikacja.evt
[2010-04-06 18:17:00 | 000,524,204 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\system.evt
[2010-04-06 01:50:44 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu3.bmp
[2010-04-05 22:29:42 | 000,000,787 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2010-04-05 22:25:34 | 000,787,442 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\bez tytułu.bmp
[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010-03-26 01:23:52 | 000,158,528 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-03-09 17:35:50 | 000,012,150 | ---- | C] () -- D:\Documents and Settings\Administrator\Pulpit\aa.docx
[2009-12-23 18:09:47 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2009-11-18 16:43:14 | 000,000,836 | ---- | C] () -- D:\WINDOWS\disney.ini
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2009-10-02 21:27:21 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009-10-02 21:27:21 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009-09-04 16:36:12 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009-08-17 16:54:26 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-07-17 13:31:29 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2009-07-17 13:31:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2009-07-16 22:10:01 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\ceville_console_history.txt
[2009-06-25 01:02:06 | 000,138,576 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-06-25 01:02:05 | 000,022,328 | ---- | C] () -- D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
[2009-06-25 01:01:47 | 000,000,268 | ---- | C] () -- D:\WINDOWS\game.ini
[2009-06-25 00:31:37 | 000,003,972 | ---- | C] () -- D:\WINDOWS\System32\drivers\PciBus.sys
[2009-06-22 13:42:46 | 000,001,752 | ---- | C] () -- D:\WINDOWS\ATICIM.INI
[2009-06-22 12:48:24 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-22 12:45:25 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-08-02 13:15:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock
[2010-03-27 19:38:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Bioshock2
[2010-01-28 22:30:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009-10-03 11:56:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Dark Sector
[2009-11-18 17:04:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Disney Interactive Studios
[2009-08-19 19:54:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\fretsonfire
[2009-10-12 15:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\GetRightToGo
[2010-02-05 20:09:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-02-28 10:46:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\ManyCam
[2010-03-01 20:59:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
[2009-08-04 00:28:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly
[2010-03-14 14:31:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2010-03-01 22:03:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dane aplikacji\XnView
[2009-11-23 16:49:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-08-21 23:55:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-06-29 18:44:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Fallout3
[2009-12-29 22:16:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Universal abit
[2010-02-24 22:44:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2009-10-12 16:11:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\WinZip
[2009-09-05 21:20:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\{FD71DB76-A64B-4A16-BD57-1CC61B92D082}
[2010-04-07 15:44:20 | 000,000,434 | ---- | M] () -- D:\WINDOWS\Tasks\RegPowerClean.job
[2010-04-07 15:44:19 | 000,000,420 | ---- | M] () -- D:\WINDOWS\Tasks\RPCReminder.job
[2010-04-07 19:01:57 | 000,000,250 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> D:\Documents and Settings\Administrator\Moje dokumenty\sd.3dr:SummaryInformation

< End of report >
Extras:

OTL Extras logfile created on: 2010-04-07 19:00:57 - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 37,27 Gb Total Space | 8,09 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,95 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 95,24 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 31,45 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOME
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Company of Heroes\RelicCOH.exe" = E:\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.) "E:\Civilization\Civilization4.exe" = E:\Civilization\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "E:\Civilization\Warlords\Civ4Warlords.exe" = E:\Civilization\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games) "E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe" = E:\Civilization\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games) "D:\Program Files\Electronic Arts\EADM\Core.exe" = D:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- File not found "E:\Mass Effect\Binaries\MassEffect.exe" = E:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare) "E:\Mass Effect\MassEffectLauncher.exe" = E:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare) "E:\World in Conflict\wic.exe" = E:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment) "E:\World in Conflict\wic_online.exe" = E:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Tylko online -- (Massive Entertainment) "E:\World in Conflict\wic_ds.exe" = E:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Serwer -- () "E:\Company of Heroes\RelicDownloader\RelicDownloader.exe" = E:\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.) 
"E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games) "E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = E:\Civilization\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games) "E:\CoD 4\iw3mp.exe" = E:\CoD 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "E:\X-Men Wolverine\Binaries\Wolverine.exe" = E:\X-Men Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software) "E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Sins of a Solar Empire\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games) "E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe" = E:\Dragon Age KB\bin_ship\DAOCharacterCreator.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek -- (BioWare) "E:\Dragon Age KB\DAOriginsLauncher.exe" = E:\Dragon Age KB\DAOriginsLauncher.exe:*:Enabled:Kreator bohaterów do gry Dragon Age Początek Program startowy -- (BioWare) "E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- () "E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) -- () "E:\OF Dragon Rising Demo\OFDR Demo.exe" = E:\OF Dragon Rising Demo\OFDR Demo.exe:*:Enabled:OF Dragon Rising Demo -- (Codemasters Software Company Limited) "E:\Dragon Age\bin_ship\daorigins.exe" = E:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare) "E:\Dragon Age\DAOriginsLauncher.exe" = E:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare) "E:\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare) "D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "E:\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd) "E:\CoD WaW\CoDWaW.exe" = E:\CoD WaW\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.) "E:\CoD WaW\CoDWaWmp.exe" = E:\CoD WaW\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.) 
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library -- (Ubisoft) "E:\Steam\SteamApps\common\fear2\FEAR2.exe" = E:\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.) "E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "E:\Mass Effect 2\Binaries\MassEffect2.exe" = E:\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Gra -- (BioWare) "E:\Mass Effect 2\MassEffect2Launcher.exe" = E:\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Program startowy -- (BioWare) "E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe" = E:\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- () "E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe" = E:\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe" = E:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG) "E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) 
"E:\Burnout Paradise\BurnoutLauncher.exe" = E:\Burnout Paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\Burnout Paradise\BurnoutConfigTool.exe" = E:\Burnout Paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\Burnout Paradise\BurnoutParadise.exe" = E:\Burnout Paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "E:\ Civilization IV Colonization\Colonization.exe" = E:\ Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games) "E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = E:\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software) "E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = E:\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games) "E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = E:\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. 
Beta -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.0729.1 "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = abit AirPace Wi-Fi "{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest "{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype? 
4.0 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional "{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish "{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish "{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3624A532-D480-4043-84C8-114AAA0BED1D}" = Gears of War "{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends "{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English "{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader "{3D52783B-BDF6-4596-8C24-439306CE884D}" = abit AirPace Wi-Fi "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish "{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek "{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian "{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese "{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo "{4F94C716-D33A-4AC4-AB3C-93D7FA5975A0}" = King's Bounty - Wojownicza Księżniczka DEMO "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI 
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static "{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo "{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{756AB9A1-607A-4305-BA74-AF7D2D3344DE}" = King's Bounty - Wojownicza Księżniczka "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R) "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall "{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch 
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0}" = SETTLERS - Dziedzictwo Królów - Złota edycja "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control 
Center Graphics Full Existing "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom BETA "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech "{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish "{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All "{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish "{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}" = Overlord II - DEMO "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims? 
3 "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB38FA94-F36F-44EA-B5B0-177EF8C6C51E}" = Planescape Torment "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Kreator bohaterów do gry Dragon Age: Początek "{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean "{e8513359-ce76-4a4f-b019-25a00384432d}" = Nero 9 Essentials "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization 
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai "{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI "ALLPlayer_is1" = ALLPlayer V4.X "ATI Display Driver" = ATI Display Driver "avast!" = avast! Antivirus "Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne "Ceville" = Ceville "com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader "Company of Heroes" = Company of Heroes "Dark Sector/PL-Polish_is1" = Dark Sector "Digsby" = Digsby "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Drakensang_is1" = Drakensang "ENTERPRISER" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Frets on Fire - Alarian mod 2.7" = Frets on Fire - Alarian mod 2.7 "Gadu-Gadu" = Gadu-Gadu 7.6 "HD Tune_is1" = HD Tune 2.55 "Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete "HijackThis" = HijackThis 2.0.2 "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch 
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM) "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy1.0" = Moje Gimnazjum 2009 Profil Matematyczno-Przyrodniczy "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Notepad++" = Notepad++ "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.9.0 "RegPowerClean_is1" = Winferno Registry Power Cleaner "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl "Sins of a Solar Empire" = Sins of a Solar Empire "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 10500" = Empire: Total War "Steam App 15620" = Warhammer 40,000: Dawn of War II "Steam App 16450" = F.E.A.R. 2: Project Origin "Steam App 33310" = R.U.S.E. 
Beta "VLC media player" = VLC media player 0.9.8a "Vtune ATI_is1" = Vtune ATI 4.1 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "XnView_is1" = XnView 1.97.2 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NHCmod OF v1.4d" = NHCmod OF v1.4d [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 2009-11-09 13:17:07 | Computer Name = DOME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.pl/suggest?hl=pl&sugexp=22533&pq=%22Monitor%20CRT%20strasznie%20intensywnie%20swieci...%22&q=monitor%20crt%20e&cp=13 failed, 0000A413. Error - 2009-11-10 11:01:10 | Computer Name = DOME | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl=pl&q=ri failed, 0000A413. [ Application Events ] Error - 2010-01-05 10:59:59 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: NVIDIA PhysX v8.10.29 -- Installation terminated Error - 2010-01-06 16:23:54 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. 
Error - 2010-01-06 16:24:08 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-06 16:24:24 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-07 16:15:09 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-07 18:53:05 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands 1.01 Update -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. Error - 2010-01-08 17:07:42 | Computer Name = DOME | Source = MsiInstaller | ID = 1013 Description = Product: Borderlands 1.01 Update -- This package will only update the retail DVD version of Borderlands. If you purchased your copy from an online digital distribution service that allowed you to download the product, then you must receive updates from them. 
Error - 2010-01-20 07:59:31 | Computer Name = DOME | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2010-01-20 07:59:31 | Computer Name = DOME | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Określony serwer nie może wykonać żądanej operacji. Error - 2010-01-20 12:26:05 | Computer Name = DOME | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca kb.exe, wersja 0.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa ES lite Service for program management. niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:54:37 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa PnkBstrB niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa StarWind AE Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:54:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7034 Description = Usługa LogMeIn Hamachi 2.0 Tunneling Engine niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-04-06 17:55:53 | Computer Name = DOME | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 Error - 2010-04-07 01:09:38 | Computer Name = DOME | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 Error - 2010-04-07 09:43:55 | Computer Name = DOME | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%2 < End of report >

and GMER (it worked on the fourth attempt, but on the previous attempts I had also removed all the drive-emulation programs and the SPTD drivers...)

GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-07 18:58:03 Windows 5.1.2600 Dodatek Service Pack 3 Running: gmer.exe; Driver: D:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xABD256B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xABD25574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xABD25A52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xABD2514C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!
self protection module/ALWIL Software) ZwOpenKey [0xABD2564E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xABD2508C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xABD250F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xABD2576E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xABD2572E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xABD258AE] ---- Kernel code sections - GMER 1.0.15 ---- .text D:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9C2C000, 0x1B85E6, 0xE8000020] .text D:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9254300, 0x3B6D8, 0xE8000020] .text D:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBABB0300, 0x1BEE, 0xE8000020] pnidata D:\WINDOWS\system32\drivers\SECDRV.SYS unknown last section [0xA90EDF00, 0x24000, 0x48000000] ---- User code sections - GMER 1.0.15 ---- .text D:\Program Files\Xfire\Xfire.exe[2540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 035A05B7 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0359FF5B D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 0359F9D3 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 0359F938 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) 
.text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 0359F8A4 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 035A00A6 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 035A01F4 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 035A0002 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!InvalidateRect 7E378FD5 5 Bytes JMP 0359FB1B D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 0359F810 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0359FCEF D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!WindowFromPoint 7E379766 5 Bytes JMP 0359FD87 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!RedrawWindow 7E379944 5 Bytes JMP 0359FE22 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 035A014A D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!IsWindowVisible 7E379E3D 7 Bytes JMP 035A0345 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) 
.text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetFocus 7E37B112 5 Bytes JMP 0359FA83 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0359FC57 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!InvalidateRgn 7E37CDFE 5 Bytes JMP 0359FBB9 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 035A028C D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 0359FEC3 D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) .text D:\Program Files\Xfire\Xfire.exe[2540] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 035A050D D:\Program Files\Xfire\xfire_toucan_42127.dll (Xfire Toucan DLL/Xfire Inc.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD0 0x24 0xF0 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9B 0x42 0xF0 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x74 0xD4 0x14 0x4C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD0 0x24 0xF0 0x5D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9B 0x42 0xF0 0x56 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x74 0xD4 0x14 0x4C ... ---- EOF - GMER 1.0.15 ---- Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Posted April 7, 2010

> and GMER (it worked on the fourth try, but on the previous tries I also had all the drive-emulation programs and the SPTD drivers removed...)

From the logs it looks to me like Alcohol is still in the system. Apart from that, the logs look clean. A lot of errors are being reported by Borderlands and Avast. I suggest reinstalling the former and replacing Avast with something else. After doing this, let me know whether the problems still occur. Also check in Task Manager whether anything is putting a heavy load on the computer. And update IE to version 8. This is mandatory, even if you don't use IE.
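The reading of the GMER log given in the post above, as an added example (not part of the thread and not GMER's own tooling): a small parser that groups SSDT hooks by owning driver, flags hooks whose line carries no vendor description, and lists sptd install paths still present in the registry. The sample log is constructed in the thread's GMER 1.0.15 text format; `unknown_example.sys`, its address and the flagging heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in the GMER 1.0.15 text format seen in this thread.
# unknown_example.sys and its address are made up to show an unattributed hook.
SAMPLE = r"""---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xABD2564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xABD258AE]
SSDT unknown_example.sys ZwCreateKey [0xF0000000]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 52\
---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
                  r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
REG = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\]+)"
                 r"\\[^@]*@(?P<val>\w+)\s+(?P<data>.*)$")

def triage(log_text):
    """Return (hooks per driver, hooks lacking a vendor description, sptd p0 paths)."""
    hooks, unattributed, sptd_paths = defaultdict(list), [], {}
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "System" and (m := SSDT.match(line)):
            driver = m["module"].rsplit("\\", 1)[-1].lower()
            hooks[driver].append(m["func"])
            if not m["desc"]:  # assumption: no "(description/vendor)" part means review it
                unattributed.append((driver, m["func"], m["addr"]))
        elif section == "Registry" and (m := REG.match(line)):
            # In this thread's log the p0 value under sptd\Cfg names the Alcohol 52 folder
            if m["svc"].lower() == "sptd" and m["val"] == "p0":
                sptd_paths[m["cs"]] = m["data"]
    return dict(hooks), unattributed, sptd_paths

if __name__ == "__main__":
    hooks, unattributed, sptd_paths = triage(SAMPLE)
    for driver, funcs in hooks.items():
        print(f"{driver}: {len(funcs)} SSDT hooks ({', '.join(funcs)})")
    print("review:", unattributed)
    print("sptd leftovers:", sptd_paths)
```

A flagged hook is a prompt for a closer look at the driver file, not a verdict: legitimate drivers can lack version information too.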
SzydlaK Posted April 7, 2010 Author

Sorry, Alcohol 52 is there after all, but I can't remove it. "Add or Remove Programs" doesn't show Alcohol 52 as installed at all, and when I click the 'uninst' file (in the folder where Alcohol is installed) an error pops up: "setup is unable to validate instalation", whereas when I try to launch it I get "Załadowanie sterowników Alcohol nie powiodło sie! Opcje emulacji i domyślny interfejs kontroli urządzeń nie będą dostępne". It's the same with Borderlands: it isn't in "Add or Remove Programs", and the folder where it is installed has no "uninstal" file. Besides that, I just turned the computer on and something like this popped up: screen... In Task Manager nothing is putting a load on the computer. I'm updating IE. Which antivirus should I replace Avast with? Oh, and I still have no sound... I tried reinstalling the drivers, but nothing helped.
Sevard Posted April 7, 2010

I recommend Comodo Internet Security. From my observations, it is more effective. As for the screen that popped up, that is odd, because Winferno Registry Power Cleaner is a normal registry-cleaning program. Try scanning the computer with the Dr.Web LiveCD disc. Usage instructions are in the link. If it finds nothing, I would lean towards the system being clean but damaged. If so, we will try to repair it. The lack of sound may be a sign that something is wrong with the drivers, but it may be possible to fix that fairly easily.
SzydlaK Posted April 9, 2010 Author

Something isn't working for me with this LiveCD... I burned the image to a DVD and set booting from CD-ROM, but after turning the computer on, Windows starts anyway.
Sevard Posted April 9, 2010

Did you burn it as an image, or as a data disc?
SzydlaK Posted April 9, 2010 Author

As an image. The instructions say: Save the downloaded image to a CD or DVD. I downloaded the file "minDrWebLiveCD-5.0.2.iso" and burned it to the disc.