Komp zamula i wiesza sie na kilka sek.

**Posty:** 17 · przez **karolstr** 30 Sty 2011, 14:34

Witam,
proszę o pomoc. Chyba złapałem coś bo komp ostatnio słabo działa.
Po pierwsze wszystko chodzi dość powoli. Np długo otwierają się większe katalogi.
Po drugie komp wiesza się przy przeglądaniu internetu i np na skypie (pokazuje się na kilka sek. "brak odpowiedzi")
Dorzucę jeszcze ok 60sek czekanie po kliknięciu na pokaz slajdów
System Vista 32bit - niemiecki
Będę wdzięczny jeśli ktoś rozwiąże moje problemy

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-30 13:17:54 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO Running: zqn0ysvj.exe; Driver: C:\Users\Karol\AppData\Local\Temp\uwddapow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A950480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A991900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA294E300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA29DE300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 763DA84F 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2732] kernel32.dll!SetUnhandledExceptionFilter 763DA84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!SetScrollRange 77A2D185 5 Bytes JMP 046BB74C C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!GetScrollInfo 77A2F073 7 Bytes JMP 046BB67E C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!ShowScrollBar 77A2F8AE 5 Bytes JMP 046BB77A C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!SetScrollInfo 77A371D8 7 Bytes JMP 046BB6F6 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!EnableScrollBar 77A4AF53 7 Bytes JMP 046BB656 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!GetScrollPos 77A5337D 5 Bytes JMP 046BB6A6 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!GetScrollRange 77A534A5 5 Bytes JMP 046BB6CB C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[4176] USER32.dll!SetScrollPos 77A53602 5 Bytes JMP 046BB721 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5152] ntdll.dll!LdrLoadDll 77CE9390 5 Bytes JMP 002A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [722F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7234A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [722FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [722EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [722F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [722EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72328395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [722FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [722EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [722EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [722E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7237CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7231C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [722ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [722E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [722E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [722F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4164] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW] [7636159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x76 0x90 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x76 0x90 0xC9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... ---- EOF - GMER 1.0.15 ----

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-01-30 13:24:26 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karol\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polen | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 46,26 Gb Free Space | 39,81% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 126,10 Gb Free Space | 54,15% Space Free | Partition Type: NTFS Drive F: | 115,21 Gb Total Space | 37,16 Gb Free Space | 32,26% Space Free | Partition Type: NTFS Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: KAROL-LAPTOP | User Name: Karol | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16CA9114-C08C-40EB-B548-8963225221D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1AF46C79-0F0E-42EC-B23F-985B9A987767}" = rport=138 | protocol=17 | dir=out | app=system | "{2F854C82-F15C-4BAA-A23D-EE2BB0F23BAB}" = rport=445 | protocol=6 | dir=out | app=system | "{41189FD9-607C-4338-84C5-3D07139B57BF}" = rport=137 | protocol=17 | dir=out | app=system | "{4D3F9F29-52F8-4D9E-AC6E-F983A3DDE181}" = lport=139 | protocol=6 | dir=in | app=system | "{60D33530-BEE3-4405-B2F0-5F277A08D339}" = lport=137 | protocol=17 | dir=in | app=system | "{9CDDE64C-DB8E-4422-9B7F-110920D127F8}" = rport=139 | protocol=6 | dir=out | app=system | "{AFB4A6FD-23E5-45E9-A404-69367AB81804}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C8970665-5F0A-4214-9247-9D1DA5C00481}" = lport=445 | protocol=6 | dir=in | app=system | "{CA5B367D-9A45-4784-9A0A-1028B9BFDEB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F6BDA369-B081-47ED-8738-F1FBC3987D6C}" = lport=138 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9436B3-1244-4324-B694-5262DFA610F7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{230E3C66-7E35-48F3-B216-7F0414FAB4EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2E9CAC3D-81A2-4FC8-909A-EAE2034C61FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F336336-CC50-4327-B333-D36528837431}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5EAE0725-3BFC-4E6E-9652-FE19A54EEA38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7D436ADE-712B-496F-ACF8-649C3CF42F97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8003B33F-17CE-4B99-86C1-91411A1EFBD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{863F0CF3-A92D-4497-9A68-30E5E25A1E3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5F84A81-EE0E-4497-A87F-90A3E5EFC246}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CD4E4006-C60B-447A-95EE-762C1DDD657C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F6B69695-0904-4845-A2AA-76563BD4A517}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{0087DCF3-B56D-4E52-A025-B45AC7B927BA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{08BCD183-9463-418F-A88E-8946E0E9A941}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "TCP Query User{1043B123-C497-4DDA-8DE9-5C1FFCE53324}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{27CDC82B-A6C4-4B60-91FF-0C5260770E54}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{301646C5-7AFE-405B-AC18-07FA57236CAD}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{31FB6D02-CF72-4D84-97F5-8625DDE8F562}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{432581C6-499A-428E-A905-A764FCD69CE1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{47BCAF04-CAB7-42E1-B7DB-FB43C7DEB883}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{5C0F1037-B200-4F58-BCA3-E719ED5E2470}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "TCP Query User{6BBC1473-A043-456C-A14E-0BD79E148E9D}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{AA4BB186-CC85-400D-A96B-14318EEA875F}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "TCP Query User{C19B7E0C-915E-49C1-8A52-1BFA79D76D88}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{D4A14D9F-4362-447E-A683-AB99B2D6C6CC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{E17ACFC0-C054-43BA-86A3-149A7E971208}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E2B74D6E-CD60-4B2A-93BE-DB0EB911CB88}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E4483A2C-7F3C-418C-90ED-74640B69CC6D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{F08838B5-2DDB-442E-9354-9193263643B9}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{F1AE7D4D-2498-4C80-B8FE-A5326B5CAAC4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{FEF37365-EB7B-4E18-8310-49ADD106F454}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{06928E85-742C-4D92-B208-E74D00B1104F}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "UDP Query User{0C45AB26-506B-4459-BB90-F4F5F3B679E4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{18D6C85C-1588-4974-BEBE-52AC0E180DC8}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{206DB87C-5621-4D22-AC5B-D00AD3307EDA}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{357255B6-D608-4DBF-AC79-890DDB5FA40C}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{3C66A79B-7C4A-4B61-B54B-DA1ECF1D946F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{49B43BC0-F05A-4CDE-937E-2159337FAEBB}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{4E895B85-1F44-4330-BBFD-52FCC9BB57BD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{53C6382D-D722-411E-9B95-7B441AAA8157}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{58B7E6AD-4454-4A97-9168-4485E0C59146}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{97AB32E5-0538-43F7-AD5D-70C28A2AAFD5}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{99E60D48-614E-4C45-9C15-71A77A80D7A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9CA24124-56C7-4A37-AA76-20202D6512F5}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "UDP Query User{C456B629-CD48-4DD4-8AA9-78C23BE596E5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{D0F966D5-A5BF-44EC-9518-1E3715D85976}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{DB3DA326-BEEF-4AD4-8E84-C396D931C7FB}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "UDP Query User{DBA532BB-82FB-491C-BD33-065BA9D7166C}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{E8486227-6C65-4A45-BF03-AE5DBC928242}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{E95B030F-73BC-48D6-9237-016C9FACB7A9}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00 "{20E26A4C-07BA-4BED-9FB3-145CF0304383}" = ESET NOD32 Antivirus "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (QOSMIOAVINDEXING) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42CB94C5-66F6-4F63-8D31-7FA3A86490A8}" = Toshiba TEMPRO "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5594FF8C-4765-4ADA-BCA4-10C8E7E5B7DD}" = TOSHIBA Quad Core HD Processor Driver 1.0.2.14 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F1038E5-D959-4935-A7A3-9414A41975C2}" = OpenOffice.org 2.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 begin_of_the_skype_highlighting 8169 8168 end_of_the_skype_highlighting begin_of_the_skype_highlighting 8169 8168 end_of_the_skype_highlighting 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FEBDF62-A0FD-46A3-B9CE-17C5E3A00BBA}" = TOSHIBA HD Console "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A13E78C5-F64F-4436-B571-07D4ADE18730}" = TOSHIBA TV Tuner "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC2C2126-2201-4D6B-86BE-364734257DCE}" = Polski 100 VT "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BB68D31F-9A51-43DC-B322-020D5C29E5FB}" = TOSHIBA Graphical Video Library "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E7124FF8-358C-4209-84FB-50F5B8BC2A7D}" = Toshiba Video Converter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center "{F727EC42-3ECD-4CEA-B8D2-7497667AB689}" = TOSHIBA_Quad_Core_HD_Processor_Demo "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager "{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FFF4949A-3B77-452C-BC5E-F49C8FBA99CF}_is1" = Fifa 2010 "06B1BC2A663E3F5B7EBAD9000831FCE29C7CC24A" = Windows-Treiberpaket - TOSHIBA (mod7700) Media (04/21/2007 2.3.3.21) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.46 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX Setup "ElsterFormular ***unknown variable buildnummer***" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileRecovery for SD" = FileRecovery for SD "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "InstallShield_{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "InternetCalls_is1" = InternetCalls "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Corporate) "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "myphotobook" = myphotobook 3.6 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "PLP 10 " = PLP 10 "Profesor Klaus 5.0 - Słownictwo_is1" = Profesor Klaus 5.0 - Słownictwo "RealAlt_is1" = Real Alternative 2.0.1 "RealPlayer 12.0" = RealPlayer "Recuva" = Recuva "SkanerOnline" = Skaner on-line mks_vir "SopCast" = SopCast 3.2.4 "Tlen.pl" = Tlen.pl "TOSHIBA Software Modem" = TOSHIBA Software Modem "Totalcmd" = Total Commander (Remove or Repair) "TVAnts 1.0" = TVAnts 1.0 "Ultra RM Converter_is1" = Ultra RM Converter 5.1.0108 "vShare" = vShare Plugin "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Archiwizator WinRAR "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-20 18:18:57 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-01-24 13:05:59 | Computer Name = Karol-Laptop | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 2011-01-24 13:06:22 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-01-24 13:06:54 | Computer Name = Karol-Laptop | Source = WinMgmt | ID = 10 Description = Error - 2011-01-24 13:16:31 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-01-24 13:26:31 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-01-25 13:51:51 | Computer Name = Karol-Laptop | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 2011-01-25 13:53:02 | Computer Name = Karol-Laptop | Source = WinMgmt | ID = 10 Description = Error - 2011-01-25 14:21:39 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-01-25 14:21:43 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 2011-01-25 13:53:02 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-26 13:06:14 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-27 13:08:36 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-27 14:12:41 | Computer Name = Karol-Laptop | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse 0022FA13FCD4 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 2011-01-28 12:35:53 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-29 04:32:10 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-29 14:31:57 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-30 06:25:22 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-30 07:38:34 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-01-30 07:41:24 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = < End of report >

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-30 13:24:26 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karol\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polen | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 46,26 Gb Free Space | 39,81% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 126,10 Gb Free Space | 54,15% Space Free | Partition Type: NTFS Drive F: | 115,21 Gb Total Space | 37,16 Gb Free Space | 32,26% Space Free | Partition Type: NTFS Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: KAROL-LAPTOP | User Name: Karol | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-30 13:22:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe PRC - [2011-01-30 12:45:04 | 000,296,448 | ---- | M] () -- C:\Users\Karol\Desktop\zqn0ysvj.exe PRC - [2011-01-08 17:41:50 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010-12-03 20:58:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010-08-20 20:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2009-08-24 10:27:34 | 007,719,456 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009-07-21 16:55:46 | 001,045,904 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproTray.exe PRC - [2009-07-21 16:55:30 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe PRC - [2009-07-01 17:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Programme\Winamp\winamp.exe PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2009-05-27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009-04-23 19:19:04 | 003,200,512 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Programme\TrueSuite Access Manager\PwdBank.exe PRC - [2009-04-23 19:17:30 | 000,094,208 | ---- | M] () -- C:\Programme\TrueSuite Access Manager\usbnotify.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-01-17 15:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Programme\Tlen.pl\tlen.exe PRC - [2009-01-14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008-11-05 17:58:42 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe PRC - [2008-10-25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008-10-21 17:48:06 | 000,704,512 | ---- | M] (AuthenTec, Inc) -- C:\Programme\TrueSuite Access Manager\FpNotifier.exe PRC - [2008-10-20 18:57:12 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.bin PRC - [2008-10-20 18:57:10 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.exe PRC - [2008-09-16 10:21:19 | 001,447,168 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2008-08-25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008-08-19 20:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008-07-14 11:42:22 | 000,409,600 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2008-07-07 07:34:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008-07-04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008-07-04 11:52:14 | 002,072,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008-06-18 19:53:53 | 000,679,936 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2008-06-10 19:34:02 | 000,159,744 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2008-06-05 17:41:22 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008-04-30 18:24:50 | 000,692,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TRCMan\TRCMan.exe PRC - [2008-04-26 14:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe PRC - [2008-04-24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2008-04-22 10:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2008-04-18 18:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2008-04-18 18:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008-04-17 09:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe PRC - [2008-04-16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2008-04-16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008-04-16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2008-04-16 15:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2008-04-14 22:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008-04-11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008-03-31 18:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008-03-19 12:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe PRC - [2008-01-25 12:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe PRC - [2008-01-21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008-01-17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe PRC - [2008-01-17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\Toshiba\Power Saver\TosCoSrv.exe PRC - [2008-01-09 09:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007-12-21 06:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2007-12-03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007-11-21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007-09-28 15:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007-07-10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe PRC - [2007-01-18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE PRC - [2006-11-06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe PRC - [2006-10-05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-30 13:22:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-21 16:55:30 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2009-01-14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008-11-05 17:58:42 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager) SRV - [2008-08-25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008-08-19 20:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008-08-18 12:30:58 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2008-07-14 11:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008-07-04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008-06-05 17:41:22 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008-04-16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008-04-11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007-12-21 06:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2007-12-03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007-11-21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007-01-18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE -- (UleadBurningHelper) SRV - [2006-10-05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005-11-17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-06-23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009-10-06 18:03:56 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-06 18:03:48 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-09-01 00:49:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-08-24 10:19:10 | 002,754,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-06-15 05:07:52 | 000,115,552 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-11-17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008-10-21 14:58:20 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2008-08-18 12:27:42 | 000,034,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2008-08-18 12:19:26 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\easdrv.sys -- (easdrv) DRV - [2008-08-18 12:18:26 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2008-07-04 06:22:50 | 000,280,448 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2008-05-29 06:11:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008-05-07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) DRV - [2008-05-07 09:31:26 | 000,106,496 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spurs.sys -- (SPURS) DRV - [2008-04-29 00:56:30 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid) DRV - [2008-04-29 00:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008-04-25 08:16:36 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma) DRV - [2008-04-25 02:05:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2008-04-23 16:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008-04-21 13:02:28 | 000,444,672 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700) DRV - [2008-04-15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008-03-25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008-03-19 10:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008-03-17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-03-14 13:18:34 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008-02-06 23:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008-01-22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007-12-17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007-11-29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007-11-09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007-10-18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007-10-02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2006-11-28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-10-23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006-10-18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005-01-07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-01-08 17:42:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-24 19:11:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-24 19:11:39 | 000,000,000 | ---D | M] [2009-10-07 18:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Extensions [2011-01-30 11:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions [2010-05-27 19:26:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-26 18:12:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011-01-26 18:12:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-01-03 20:22:01 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010-11-04 18:46:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\vshare@toolbar [2010-08-25 08:28:57 | 000,001,819 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\bing.xml [2010-01-25 22:37:19 | 000,002,059 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\daemon-search.xml [2010-10-03 13:08:55 | 000,001,583 | ---- | M] () -- C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\web-search.xml [2011-01-24 19:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010-03-29 18:11:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-05-26 17:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-03-29 18:11:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010-01-06 19:17:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2010-02-08 19:03:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010-05-26 17:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-01-10 12:34:40 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2010-01-10 12:34:40 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\SSFF [2011-01-08 17:42:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010-04-12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found O3 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [FingerPrintNotifer] C:\Programme\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] File not found O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PwdBank] C:\Programme\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] File not found O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TRCMan] C:\Programme\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [UsbMonitor] C:\Programme\TrueSuite Access Manager\usbnotify.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\..Trusted Domains: mks.com.pl ([www] http in Vertrauenswürdige Sites) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp O24 - Desktop BackupWallPaper: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2c4c55e0-b672-11de-abe4-00235a05bafc}\Shell - "" = AutoRun O33 - MountPoints2\{2c4c55e0-b672-11de-abe4-00235a05bafc}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{89a0c777-d0e0-11de-8750-0022fa13fcd4}\Shell - "" = AutoRun O33 - MountPoints2\{89a0c777-d0e0-11de-8750-0022fa13fcd4}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{94fa0bb9-91c4-11df-91cd-00037a9994e9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sOeUV.exE O33 - MountPoints2\{a794e63e-b297-11de-86af-00235a05bafc}\Shell - "" = AutoRun O33 - MountPoints2\{a794e63e-b297-11de-86af-00235a05bafc}\Shell\AutoRun\command - "" = H:\jpn-fa10.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-30 13:22:31 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe [2011-01-30 12:32:40 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Karol\Desktop\SPTDinst-v162-x86.exe [2011-01-24 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\malaga [2011-01-24 19:08:22 | 009,289,416 | ---- | C] (Mozilla) -- C:\Users\Karol\Desktop\Firefox Setup 3.6.13.exe [2011-01-24 18:40:53 | 000,000,000 | ---D | C] -- C:\Programme\SkanerOnline [2011-01-24 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011-01-12 19:03:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011-01-12 19:02:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011-01-09 14:00:38 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\aviproxy [2011-01-08 18:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra RM Converter [2011-01-08 18:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Ultra RM Converter [2011-01-08 17:42:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared [2011-01-08 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2011-01-08 17:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Real [2011-01-08 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-30 13:23:27 | 005,505,024 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT [2011-01-30 13:22:49 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe [2011-01-30 13:19:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-01-30 12:45:04 | 000,296,448 | ---- | M] () -- C:\Users\Karol\Desktop\zqn0ysvj.exe [2011-01-30 12:40:14 | 000,342,844 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011-01-30 12:40:09 | 000,342,844 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011-01-30 12:40:08 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-01-30 12:39:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-01-30 12:39:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-01-30 12:39:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-01-30 12:39:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-01-30 12:39:45 | 3184,410,624 | -HS- | M] () -- C:\hiberfil.sys [2011-01-30 12:38:47 | 000,524,288 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011-01-30 12:38:47 | 000,065,536 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011-01-30 12:38:37 | 004,151,677 | -H-- | M] () -- C:\Users\Karol\AppData\Local\IconCache.db [2011-01-30 12:34:42 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Karol\Desktop\SPTDinst-v162-x86.exe [2011-01-30 11:36:11 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3479919686-3852008400-2815448960-1003UA.job [2011-01-30 11:26:52 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4356D890-50B7-4725-A72C-78E8335E0935}.job [2011-01-29 12:20:08 | 000,062,976 | ---- | M] () -- C:\Users\Karol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-28 18:36:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3479919686-3852008400-2815448960-1003Core.job [2011-01-27 19:34:19 | 000,024,064 | ---- | M] () -- C:\Users\Karol\Desktop\Karol.doc [2011-01-27 19:30:27 | 000,064,512 | ---- | M] () -- C:\Users\Karol\Desktop\Einverstndniserklrung.doc [2011-01-24 22:10:57 | 000,043,625 | ---- | M] () -- C:\Users\Karol\Desktop\kaucja.pdf [2011-01-24 19:11:44 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-01-24 19:09:54 | 009,289,416 | ---- | M] (Mozilla) -- C:\Users\Karol\Desktop\Firefox Setup 3.6.13.exe [2011-01-24 18:32:44 | 000,002,047 | ---- | M] () -- C:\Users\Karol\Desktop\Google Chrome.lnk [2011-01-20 16:57:45 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-01-08 18:03:48 | 000,000,857 | ---- | M] () -- C:\Users\Karol\Desktop\Ultra RM Converter.lnk [2011-01-08 17:55:58 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Karol.job [2011-01-08 17:42:21 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011-01-08 17:42:06 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011-01-08 17:41:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011-01-08 17:41:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2011-01-08 12:08:43 | 000,675,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011-01-08 12:08:43 | 000,651,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-01-08 12:08:43 | 000,148,788 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011-01-08 12:08:43 | 000,126,098 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-01-08 12:08:42 | 001,606,458 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-30 12:44:40 | 000,296,448 | ---- | C] () -- C:\Users\Karol\Desktop\zqn0ysvj.exe [2011-01-27 19:34:18 | 000,024,064 | ---- | C] () -- C:\Users\Karol\Desktop\Karol.doc [2011-01-27 19:30:26 | 000,064,512 | ---- | C] () -- C:\Users\Karol\Desktop\Einverstndniserklrung.doc [2011-01-24 22:10:56 | 000,043,625 | ---- | C] () -- C:\Users\Karol\Desktop\kaucja.pdf [2011-01-24 18:32:44 | 000,002,047 | ---- | C] () -- C:\Users\Karol\Desktop\Google Chrome.lnk [2011-01-24 18:31:52 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3479919686-3852008400-2815448960-1003UA.job [2011-01-24 18:31:51 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3479919686-3852008400-2815448960-1003Core.job [2011-01-08 21:06:40 | 004,151,677 | -H-- | C] () -- C:\Users\Karol\AppData\Local\IconCache.db [2011-01-08 18:03:48 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2011-01-08 18:03:48 | 000,000,857 | ---- | C] () -- C:\Users\Karol\Desktop\Ultra RM Converter.lnk [2011-01-08 17:42:21 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2010-09-04 11:34:47 | 000,000,016 | -H-- | C] () -- C:\Users\Karol\AppData\Local\mxfilerelatedcache.mxc2 [2010-09-04 11:34:45 | 000,000,016 | -H-- | C] () -- C:\Users\Karol\AppData\Roaming\mxfilerelatedcache.mxc2 [2010-07-17 19:50:36 | 000,002,432 | ---- | C] () -- C:\Users\Karol\AppData\Local\TempWT2488.html [2010-07-17 19:50:36 | 000,002,089 | ---- | C] () -- C:\Users\Karol\AppData\Local\TemprA2488.html [2010-07-04 11:22:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2010-05-30 15:59:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-05-30 15:59:27 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-05-30 15:59:27 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-05-30 15:59:27 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010-05-30 15:51:07 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-05-30 15:51:07 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-04-10 21:32:05 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll [2010-04-10 21:32:05 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys [2010-02-13 13:03:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-01-24 22:50:50 | 000,000,093 | ---- | C] () -- C:\Users\Karol\AppData\Local\fusioncache.dat [2010-01-10 12:33:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009-12-11 21:03:42 | 000,000,680 | ---- | C] () -- C:\Users\Karol\AppData\Local\d3d9caps.dat [2009-12-03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009-10-29 18:50:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-10-29 18:50:07 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-10-11 17:49:01 | 000,062,976 | ---- | C] () -- C:\Users\Karol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-11 15:40:03 | 000,000,006 | -HS- | C] () -- C:\Users\Karol\AppData\Roaming\desktop.ini [2009-10-11 15:40:00 | 000,000,006 | -HS- | C] () -- C:\Users\Karol\AppData\Local\desktop.ini [2009-10-07 18:37:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-10-06 18:03:56 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009-10-06 18:03:48 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009-10-05 19:54:19 | 000,118,312 | ---- | C] () -- C:\Users\Karol\AppData\Local\GDIPFONTCACHEV1.DAT [2009-10-05 19:53:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009-10-05 19:53:57 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009-10-05 19:53:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009-10-05 19:53:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009-10-05 19:53:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009-10-05 19:53:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009-10-05 19:38:42 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009-10-05 19:38:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009-10-05 19:38:42 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009-10-05 19:38:42 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008-08-18 12:27:42 | 000,034,312 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys [2008-07-07 08:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008-07-07 07:33:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008-07-07 07:11:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2008-07-07 06:44:22 | 000,342,844 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008-07-07 06:44:18 | 000,342,844 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008-06-23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008-05-23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008-04-03 08:55:44 | 000,000,091 | ---- | C] () -- C:\Windows\System32\HD_Demo.ini [2008-01-21 08:16:22 | 001,606,458 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008-01-21 03:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2007-12-21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006-11-02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006-11-02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2005-11-23 12:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005-07-22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [color=#E56717]========== LOP Check ==========[/color] [2010-10-25 18:04:49 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\BESTplayer [2009-10-06 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\DAEMON Tools Lite [2010-01-27 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\elsterformular [2010-07-17 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Gadu-Gadu 10 [2010-04-11 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\GHISLER [2010-09-26 11:06:32 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\InternetCalls [2009-10-11 15:42:33 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\myphotobook [2010-02-13 20:12:44 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Nowe Gadu-Gadu [2010-07-19 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\OpenCandy [2009-10-11 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Opera [2010-02-13 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\RayV [2010-01-24 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Strokes 4.0 [2011-01-20 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Tlen.pl [2009-10-31 21:25:51 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Toshiba [2010-05-31 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Uniblue [2009-10-11 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Vodafone [2011-01-30 12:38:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011-01-30 11:26:52 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4356D890-50B7-4725-A72C-78E8335E0935}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Karol\Desktop\2356.flv:TOC.WMV @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B < End of report >

**Posty:** 18165 · przez **wojtas** 31 Sty 2011, 00:52

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-3479919686-3852008400-2815448960-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Toshiba TEMPO] File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
@Alternate Data Stream - 64 bytes -> C:\Users\Karol\Desktop\2356.flv:TOC.WMV
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B

:Files
C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\bing.xml
C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\daemon-search.xml
C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vwlb9580.default\searchplugins\web-search.xml
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
C:\PROGRAM FILES\PDFFORGE TOOLBAR\SSFF
C:\Windows\tasks\*.job
C:\Users\Karol\AppData\Local\Temp*.html

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa (zwróć uwagę na autostart)
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Java™ 6 Update 23

**Posty:** 17 · przez **karolstr** 03 Lut 2011, 20:20

dzieki za odpowiedz i pomoc. Zrobiłem po kolei to co napisałeś ale niestety niewiele się zmieniło. Masz może jeszcze jakieś pomysły?

**Posty:** 18165 · przez **wojtas** 05 Lut 2011, 19:05

daj nowe logi

**Posty:** 17 · przez **karolstr** 06 Lut 2011, 13:30

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-06 12:18:09 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO Running: zqn0ysvj.exe; Driver: C:\Users\Karol\AppData\Local\Temp\uwddapow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A94E480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A98F900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2B6B300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2BFB300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 775BA84F 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2016] USER32.dll!TrackPopupMenu 766F14F3 4 Bytes JMP 62812342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ntdll.dll!LdrLoadDll 77C99390 5 Bytes JMP 00EF13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [721C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7221A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [721CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [721BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [721C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [721BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [721F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [721CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [721BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [721BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [721B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7224CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [721EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [721BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [721B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [721B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [721C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3920] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW] [7628159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x76 0x90 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF1 0x76 0x90 0xC9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... ---- EOF - GMER 1.0.15 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2011-02-06 12:23:15 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karol\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polen | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 58,89 Gb Free Space | 50,68% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 124,93 Gb Free Space | 53,64% Space Free | Partition Type: NTFS Drive F: | 115,21 Gb Total Space | 37,85 Gb Free Space | 32,85% Space Free | Partition Type: NTFS Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: KAROL-LAPTOP | User Name: Karol | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-06 12:22:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009-08-24 10:27:34 | 007,719,456 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009-07-21 16:55:46 | 001,045,904 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproTray.exe PRC - [2009-07-21 16:55:30 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe PRC - [2009-07-01 17:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Programme\Winamp\winamp.exe PRC - [2009-05-27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009-04-23 19:19:04 | 003,200,512 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Programme\TrueSuite Access Manager\PwdBank.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-01-17 15:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Programme\Tlen.pl\tlen.exe PRC - [2009-01-14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008-11-05 17:58:42 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe PRC - [2008-10-25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008-09-16 10:21:19 | 001,447,168 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2008-08-25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008-08-19 20:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008-07-14 11:42:22 | 000,409,600 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2008-07-04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008-06-18 19:53:53 | 000,679,936 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2008-06-10 19:34:02 | 000,159,744 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2008-06-05 17:41:22 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008-04-30 18:24:50 | 000,692,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TRCMan\TRCMan.exe PRC - [2008-04-26 14:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe PRC - [2008-04-24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2008-04-22 10:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2008-04-18 18:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2008-04-18 18:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008-04-17 09:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe PRC - [2008-04-16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008-04-16 15:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2008-04-14 22:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008-04-11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008-03-31 18:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008-03-19 12:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe PRC - [2008-01-25 12:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe PRC - [2008-01-21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008-01-17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe PRC - [2008-01-17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\Toshiba\Power Saver\TosCoSrv.exe PRC - [2008-01-09 09:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007-12-21 06:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2007-12-03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007-11-21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007-09-28 15:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007-07-10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe PRC - [2007-01-18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE PRC - [2006-11-06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe PRC - [2006-10-05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-06 12:22:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-21 16:55:30 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2009-01-14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008-11-05 17:58:42 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager) SRV - [2008-08-25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008-08-19 20:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008-08-18 12:30:58 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2008-07-14 11:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008-07-04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008-06-05 17:41:22 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008-04-16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008-04-11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007-12-21 06:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2007-12-03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007-11-21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007-01-18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE -- (UleadBurningHelper) SRV - [2006-10-05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005-11-17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-06-23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009-10-06 18:03:56 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-06 18:03:48 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-09-01 00:49:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-08-24 10:19:10 | 002,754,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-06-15 05:07:52 | 000,115,552 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-11-17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008-10-21 14:58:20 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2008-08-18 12:27:42 | 000,034,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2008-08-18 12:19:26 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\easdrv.sys -- (easdrv) DRV - [2008-08-18 12:18:26 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2008-07-04 06:22:50 | 000,280,448 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2008-05-29 06:11:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008-05-07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) DRV - [2008-05-07 09:31:26 | 000,106,496 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spurs.sys -- (SPURS) DRV - [2008-04-29 00:56:30 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid) DRV - [2008-04-29 00:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008-04-25 08:16:36 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma) DRV - [2008-04-25 02:05:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2008-04-23 16:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008-04-21 13:02:28 | 000,444,672 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700) DRV - [2008-04-15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008-03-25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008-03-19 10:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008-03-17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-03-14 13:18:34 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008-02-06 23:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008-01-22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007-12-17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007-11-29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007-11-09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007-10-18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007-10-02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2006-11-28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-10-23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006-10-18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005-01-07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-01-08 17:42:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-24 19:11:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-01 22:18:56 | 000,000,000 | ---D | M] [2009-10-07 18:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Extensions [2011-02-06 11:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions [2010-05-27 19:26:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-26 18:12:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011-01-26 18:12:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-01-03 20:22:01 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010-11-04 18:46:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\vshare@toolbar [2011-02-03 19:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011-02-01 21:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-01-06 19:17:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2010-02-08 19:03:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2011-02-01 21:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-08 17:42:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011-02-01 21:58:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PwdBank] C:\Programme\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TRCMan] C:\Programme\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: mks.com.pl ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp O24 - Desktop BackupWallPaper: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-06 12:22:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe [2011-02-03 19:15:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011-02-03 19:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-02-03 19:15:22 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2011-02-03 19:14:00 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Karol\Desktop\SkypeSetup.exe [2011-02-01 22:18:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011-02-01 21:58:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-02-01 21:58:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011-02-01 21:58:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011-02-01 21:55:42 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Karol\Desktop\jre-6u23-windows-i586_[www.programosy.pl].exe [2011-02-01 21:54:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR [2011-02-01 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Roaming\Malwarebytes [2011-02-01 21:49:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-02-01 21:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-02-01 21:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-02-01 21:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-02-01 21:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011-02-01 21:46:50 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Karol\Desktop\mbam_1.50.1.1100_[www.programosy.pl].exe [2011-02-01 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\keller [2011-01-31 22:33:28 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-01-30 12:32:40 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Karol\Desktop\SPTDinst-v162-x86.exe [2011-01-24 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\malaga [2011-01-24 19:08:22 | 009,289,416 | ---- | C] (Mozilla) -- C:\Users\Karol\Desktop\Firefox Setup 3.6.13.exe [2011-01-24 18:40:53 | 000,000,000 | ---D | C] -- C:\Programme\SkanerOnline [2011-01-24 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011-01-12 19:03:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011-01-12 19:02:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011-01-09 14:00:38 | 000,000,000 | ---D | C] -- C:\Users\Karol\Desktop\aviproxy [2011-01-08 18:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra RM Converter [2011-01-08 18:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Ultra RM Converter [2011-01-08 17:42:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared [2011-01-08 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2011-01-08 17:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Real [2011-01-08 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-06 12:22:45 | 005,505,024 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT [2011-02-06 12:22:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Karol\Desktop\OTL.exe [2011-02-06 11:09:09 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4356D890-50B7-4725-A72C-78E8335E0935}.job [2011-02-06 11:06:18 | 000,342,844 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011-02-06 11:06:12 | 000,342,844 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011-02-06 11:05:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-06 11:05:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-06 11:05:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-02-06 11:05:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-06 11:05:47 | 3182,325,760 | -HS- | M] () -- C:\hiberfil.sys [2011-02-05 13:35:41 | 000,524,288 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011-02-05 13:35:41 | 000,065,536 | -HS- | M] () -- C:\Users\Karol\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011-02-05 13:35:26 | 002,745,745 | -H-- | M] () -- C:\Users\Karol\AppData\Local\IconCache.db [2011-02-05 12:36:53 | 000,002,047 | ---- | M] () -- C:\Users\Karol\Desktop\Google Chrome.lnk [2011-02-04 19:59:31 | 000,027,842 | ---- | M] () -- C:\Users\Karol\Documents\II.docx [2011-02-04 17:43:18 | 001,606,458 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-02-04 17:43:18 | 000,675,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011-02-04 17:43:18 | 000,651,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-04 17:43:18 | 000,148,788 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011-02-04 17:43:18 | 000,126,098 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-03 19:15:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-02-03 19:14:26 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Karol\Desktop\SkypeSetup.exe [2011-02-03 08:06:26 | 000,150,400 | ---- | M] () -- C:\Users\Karol\Desktop\ABCD4A140F.pdf [2011-02-01 22:18:56 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-02-01 21:58:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011-02-01 21:58:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-02-01 21:58:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011-02-01 21:58:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011-02-01 21:55:56 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Karol\Desktop\jre-6u23-windows-i586_[www.programosy.pl].exe [2011-02-01 21:49:10 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-02-01 21:47:02 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Karol\Desktop\mbam_1.50.1.1100_[www.programosy.pl].exe [2011-02-01 21:39:01 | 000,070,144 | ---- | M] () -- C:\Users\Karol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-31 22:22:43 | 000,118,312 | ---- | M] () -- C:\Users\Karol\AppData\Local\GDIPFONTCACHEV1.DAT [2011-01-31 22:21:54 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-01-30 21:41:57 | 000,000,680 | ---- | M] () -- C:\Users\Karol\AppData\Local\d3d9caps.dat [2011-01-30 12:45:04 | 000,296,448 | ---- | M] () -- C:\Users\Karol\Desktop\zqn0ysvj.exe [2011-01-30 12:34:42 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Karol\Desktop\SPTDinst-v162-x86.exe [2011-01-27 19:34:19 | 000,024,064 | ---- | M] () -- C:\Users\Karol\Desktop\Karol.doc [2011-01-24 22:10:57 | 000,043,625 | ---- | M] () -- C:\Users\Karol\Desktop\kaucja.pdf [2011-01-24 19:11:44 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-01-24 19:09:54 | 009,289,416 | ---- | M] (Mozilla) -- C:\Users\Karol\Desktop\Firefox Setup 3.6.13.exe [2011-01-08 18:03:48 | 000,000,857 | ---- | M] () -- C:\Users\Karol\Desktop\Ultra RM Converter.lnk [2011-01-08 17:42:21 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011-01-08 17:42:06 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2011-01-08 17:41:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2011-01-08 17:41:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-04 18:55:28 | 000,027,842 | ---- | C] () -- C:\Users\Karol\Documents\II.docx [2011-02-03 19:15:25 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-02-03 08:06:26 | 000,150,400 | ---- | C] () -- C:\Users\Karol\Desktop\ABCD4A140F.pdf [2011-02-01 22:18:56 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-02-01 22:18:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-02-01 21:49:10 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-02-01 01:24:28 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4356D890-50B7-4725-A72C-78E8335E0935}.job [2011-01-30 12:44:40 | 000,296,448 | ---- | C] () -- C:\Users\Karol\Desktop\zqn0ysvj.exe [2011-01-27 19:34:18 | 000,024,064 | ---- | C] () -- C:\Users\Karol\Desktop\Karol.doc [2011-01-24 22:10:56 | 000,043,625 | ---- | C] () -- C:\Users\Karol\Desktop\kaucja.pdf [2011-01-24 18:32:44 | 000,002,047 | ---- | C] () -- C:\Users\Karol\Desktop\Google Chrome.lnk [2011-01-08 21:06:40 | 002,745,745 | -H-- | C] () -- C:\Users\Karol\AppData\Local\IconCache.db [2011-01-08 18:03:48 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2011-01-08 18:03:48 | 000,000,857 | ---- | C] () -- C:\Users\Karol\Desktop\Ultra RM Converter.lnk [2011-01-08 17:42:21 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2010-09-04 11:34:47 | 000,000,016 | -H-- | C] () -- C:\Users\Karol\AppData\Local\mxfilerelatedcache.mxc2 [2010-09-04 11:34:45 | 000,000,016 | -H-- | C] () -- C:\Users\Karol\AppData\Roaming\mxfilerelatedcache.mxc2 [2010-07-04 11:22:43 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2010-05-30 15:59:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-05-30 15:59:27 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-05-30 15:59:27 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-05-30 15:59:27 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010-05-30 15:51:07 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-05-30 15:51:07 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-04-10 21:32:05 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll [2010-04-10 21:32:05 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys [2010-02-13 13:03:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-01-24 22:50:50 | 000,000,093 | ---- | C] () -- C:\Users\Karol\AppData\Local\fusioncache.dat [2010-01-10 12:33:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009-12-11 21:03:42 | 000,000,680 | ---- | C] () -- C:\Users\Karol\AppData\Local\d3d9caps.dat [2009-12-03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009-10-29 18:50:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-10-29 18:50:07 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-10-11 17:49:01 | 000,070,144 | ---- | C] () -- C:\Users\Karol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-11 15:40:03 | 000,000,006 | -HS- | C] () -- C:\Users\Karol\AppData\Roaming\desktop.ini [2009-10-11 15:40:00 | 000,000,006 | -HS- | C] () -- C:\Users\Karol\AppData\Local\desktop.ini [2009-10-07 18:37:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-10-06 18:03:56 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009-10-06 18:03:48 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009-10-05 19:54:19 | 000,118,312 | ---- | C] () -- C:\Users\Karol\AppData\Local\GDIPFONTCACHEV1.DAT [2009-10-05 19:53:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009-10-05 19:53:57 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009-10-05 19:53:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009-10-05 19:53:57 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009-10-05 19:53:57 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009-10-05 19:53:57 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009-10-05 19:38:42 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009-10-05 19:38:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009-10-05 19:38:42 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009-10-05 19:38:42 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008-08-18 12:27:42 | 000,034,312 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys [2008-07-07 08:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008-07-07 07:33:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008-07-07 07:11:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2008-07-07 06:44:22 | 000,342,844 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008-07-07 06:44:18 | 000,342,844 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008-06-23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008-05-23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008-04-03 08:55:44 | 000,000,091 | ---- | C] () -- C:\Windows\System32\HD_Demo.ini [2008-01-21 08:16:22 | 001,606,458 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008-01-21 03:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2007-12-21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006-11-02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006-11-02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2005-11-23 12:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005-07-22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [color=#E56717]========== LOP Check ==========[/color] [2010-10-25 18:04:49 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\BESTplayer [2009-10-06 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\DAEMON Tools Lite [2010-01-27 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\elsterformular [2010-07-17 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Gadu-Gadu 10 [2010-04-11 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\GHISLER [2010-09-26 11:06:32 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\InternetCalls [2009-10-11 15:42:33 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\myphotobook [2010-02-13 20:12:44 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Nowe Gadu-Gadu [2010-07-19 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\OpenCandy [2009-10-11 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Opera [2010-02-13 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\RayV [2010-01-24 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Strokes 4.0 [2011-01-20 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Tlen.pl [2009-10-31 21:25:51 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Toshiba [2010-05-31 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Uniblue [2009-10-11 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\Karol\AppData\Roaming\Vodafone [2011-02-05 13:35:47 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011-02-06 11:09:09 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4356D890-50B7-4725-A72C-78E8335E0935}.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-02-06 12:23:15 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karol\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polen | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 58,89 Gb Free Space | 50,68% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 124,93 Gb Free Space | 53,64% Space Free | Partition Type: NTFS Drive F: | 115,21 Gb Total Space | 37,85 Gb Free Space | 32,85% Space Free | Partition Type: NTFS Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: KAROL-LAPTOP | User Name: Karol | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16CA9114-C08C-40EB-B548-8963225221D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1AF46C79-0F0E-42EC-B23F-985B9A987767}" = rport=138 | protocol=17 | dir=out | app=system | "{2F854C82-F15C-4BAA-A23D-EE2BB0F23BAB}" = rport=445 | protocol=6 | dir=out | app=system | "{41189FD9-607C-4338-84C5-3D07139B57BF}" = rport=137 | protocol=17 | dir=out | app=system | "{4D3F9F29-52F8-4D9E-AC6E-F983A3DDE181}" = lport=139 | protocol=6 | dir=in | app=system | "{60D33530-BEE3-4405-B2F0-5F277A08D339}" = lport=137 | protocol=17 | dir=in | app=system | "{9CDDE64C-DB8E-4422-9B7F-110920D127F8}" = rport=139 | protocol=6 | dir=out | app=system | "{AFB4A6FD-23E5-45E9-A404-69367AB81804}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C8970665-5F0A-4214-9247-9D1DA5C00481}" = lport=445 | protocol=6 | dir=in | app=system | "{CA5B367D-9A45-4784-9A0A-1028B9BFDEB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F6BDA369-B081-47ED-8738-F1FBC3987D6C}" = lport=138 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C06F869-D94D-4C24-AA1C-C8F870803869}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D9436B3-1244-4324-B694-5262DFA610F7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{230E3C66-7E35-48F3-B216-7F0414FAB4EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3F336336-CC50-4327-B333-D36528837431}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5EAE0725-3BFC-4E6E-9652-FE19A54EEA38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7D436ADE-712B-496F-ACF8-649C3CF42F97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8003B33F-17CE-4B99-86C1-91411A1EFBD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{863F0CF3-A92D-4497-9A68-30E5E25A1E3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5F84A81-EE0E-4497-A87F-90A3E5EFC246}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CD4E4006-C60B-447A-95EE-762C1DDD657C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F6B69695-0904-4845-A2AA-76563BD4A517}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{0087DCF3-B56D-4E52-A025-B45AC7B927BA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{08BCD183-9463-418F-A88E-8946E0E9A941}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "TCP Query User{1043B123-C497-4DDA-8DE9-5C1FFCE53324}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{27CDC82B-A6C4-4B60-91FF-0C5260770E54}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{301646C5-7AFE-405B-AC18-07FA57236CAD}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{31FB6D02-CF72-4D84-97F5-8625DDE8F562}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{432581C6-499A-428E-A905-A764FCD69CE1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{47BCAF04-CAB7-42E1-B7DB-FB43C7DEB883}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{5C0F1037-B200-4F58-BCA3-E719ED5E2470}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "TCP Query User{6BBC1473-A043-456C-A14E-0BD79E148E9D}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{AA4BB186-CC85-400D-A96B-14318EEA875F}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "TCP Query User{C19B7E0C-915E-49C1-8A52-1BFA79D76D88}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{D4A14D9F-4362-447E-A683-AB99B2D6C6CC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{E17ACFC0-C054-43BA-86A3-149A7E971208}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E2B74D6E-CD60-4B2A-93BE-DB0EB911CB88}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E4483A2C-7F3C-418C-90ED-74640B69CC6D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{F08838B5-2DDB-442E-9354-9193263643B9}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{F1AE7D4D-2498-4C80-B8FE-A5326B5CAAC4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{FEF37365-EB7B-4E18-8310-49ADD106F454}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{06928E85-742C-4D92-B208-E74D00B1104F}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "UDP Query User{0C45AB26-506B-4459-BB90-F4F5F3B679E4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{18D6C85C-1588-4974-BEBE-52AC0E180DC8}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{206DB87C-5621-4D22-AC5B-D00AD3307EDA}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{357255B6-D608-4DBF-AC79-890DDB5FA40C}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{3C66A79B-7C4A-4B61-B54B-DA1ECF1D946F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{49B43BC0-F05A-4CDE-937E-2159337FAEBB}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{4E895B85-1F44-4330-BBFD-52FCC9BB57BD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{53C6382D-D722-411E-9B95-7B441AAA8157}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{58B7E6AD-4454-4A97-9168-4485E0C59146}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{97AB32E5-0538-43F7-AD5D-70C28A2AAFD5}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{99E60D48-614E-4C45-9C15-71A77A80D7A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9CA24124-56C7-4A37-AA76-20202D6512F5}C:\program files\internetcalls.com\internetcalls\internetcalls.exe" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe | "UDP Query User{C456B629-CD48-4DD4-8AA9-78C23BE596E5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{D0F966D5-A5BF-44EC-9518-1E3715D85976}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{DB3DA326-BEEF-4AD4-8E84-C396D931C7FB}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "UDP Query User{DBA532BB-82FB-491C-BD33-065BA9D7166C}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{E8486227-6C65-4A45-BF03-AE5DBC928242}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{E95B030F-73BC-48D6-9237-016C9FACB7A9}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00 "{20E26A4C-07BA-4BED-9FB3-145CF0304383}" = ESET NOD32 Antivirus "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (QOSMIOAVINDEXING) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42CB94C5-66F6-4F63-8D31-7FA3A86490A8}" = Toshiba TEMPRO "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5594FF8C-4765-4ADA-BCA4-10C8E7E5B7DD}" = TOSHIBA Quad Core HD Processor Driver 1.0.2.14 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F1038E5-D959-4935-A7A3-9414A41975C2}" = OpenOffice.org 2.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FEBDF62-A0FD-46A3-B9CE-17C5E3A00BBA}" = TOSHIBA HD Console "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A13E78C5-F64F-4436-B571-07D4ADE18730}" = TOSHIBA TV Tuner "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC2C2126-2201-4D6B-86BE-364734257DCE}" = Polski 100 VT "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BB68D31F-9A51-43DC-B322-020D5C29E5FB}" = TOSHIBA Graphical Video Library "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E7124FF8-358C-4209-84FB-50F5B8BC2A7D}" = Toshiba Video Converter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center "{F727EC42-3ECD-4CEA-B8D2-7497667AB689}" = TOSHIBA_Quad_Core_HD_Processor_Demo "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager "{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FFF4949A-3B77-452C-BC5E-F49C8FBA99CF}_is1" = Fifa 2010 "06B1BC2A663E3F5B7EBAD9000831FCE29C7CC24A" = Windows-Treiberpaket - TOSHIBA (mod7700) Media (04/21/2007 2.3.3.21) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.46 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX Setup "ElsterFormular ***unknown variable buildnummer***" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileRecovery for SD" = FileRecovery for SD "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "InstallShield_{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{DA29D017-6E24-481D-BC7C-2B69335A0B3A}" = TrueSuite Access Manager "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "InternetCalls_is1" = InternetCalls "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Corporate) "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "myphotobook" = myphotobook 3.6 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "PLP 10 " = PLP 10 "Profesor Klaus 5.0 - Słownictwo_is1" = Profesor Klaus 5.0 - Słownictwo "RealAlt_is1" = Real Alternative 2.0.1 "RealPlayer 12.0" = RealPlayer "Recuva" = Recuva "SkanerOnline" = Skaner on-line mks_vir "SopCast" = SopCast 3.2.4 "Tlen.pl" = Tlen.pl "TOSHIBA Software Modem" = TOSHIBA Software Modem "Totalcmd" = Total Commander (Remove or Repair) "TVAnts 1.0" = TVAnts 1.0 "Ultra RM Converter_is1" = Ultra RM Converter 5.1.0108 "vShare" = vShare Plugin "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Archiwizator WinRAR "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-02-01 13:44:07 | Computer Name = Karol-Laptop | Source = WinMgmt | ID = 10 Description = Error - 2011-02-01 16:49:28 | Computer Name = Karol-Laptop | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2011-02-01 16:52:00 | Computer Name = Karol-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x0003e13d, Prozess-ID 0xda4, Anwendungsstartzeit 01cbc237734a07a6. Error - 2011-02-01 18:24:17 | Computer Name = Karol-Laptop | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 2011-02-01 18:25:07 | Computer Name = Karol-Laptop | Source = Application Hang | ID = 1002 Description = Programm TosBt1st.exe, Version 6.0.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1318 Anfangszeit: 01cbc25ed0e7ecd9 Zeitpunkt der Beendigung: 15 Error - 2011-02-02 14:12:25 | Computer Name = Karol-Laptop | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 2011-02-02 14:13:35 | Computer Name = Karol-Laptop | Source = WinMgmt | ID = 10 Description = Error - 2011-02-02 14:19:32 | Computer Name = Karol-Laptop | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 2011-02-02 14:21:02 | Computer Name = Karol-Laptop | Source = WinMgmt | ID = 10 Description = Error - 2011-02-02 14:23:26 | Computer Name = Karol-Laptop | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 2011-02-02 19:15:54 | Computer Name = Karol-Laptop | Source = bowser | ID = 8003 Description = Error - 2011-02-03 03:02:51 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-03 07:20:07 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-03 13:56:44 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-03 14:17:21 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7034 Description = Error - 2011-02-03 14:25:50 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-03 17:33:02 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-04 12:37:58 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-05 07:01:17 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 2011-02-06 06:07:19 | Computer Name = Karol-Laptop | Source = Service Control Manager | ID = 7000 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 06 Lut 2011, 15:48

nie ma tu nic tylko:

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

:Files
C:\Users\Karol\AppData\Roaming\mozilla\Firefox\Profiles\vwlb9580.default\extensions\vshare@toolbar

Kliknij wykonaj skrypt. I potwierdź reset komputera .

wykonaj optymalizację Windowsa (zwróć uwagę na autostart , bardzo dużo aplikacji włącza się na starcie i to one mogą mulić) , do tego odinstaluj Noda i zobacz jak działa komp...

**Posty:** 17 · przez **karolstr** 08 Lut 2011, 21:59

dzięki za pomoc.
Komp działa znacznie lepiej. Chyba to była wina Noda (chociaż używałem go długo i wcześniej nie było problemu)

Mógłbyś polecić jakiegoś darmowego antywirusa?
pozdrawiam i dziękuje

**Posty:** 18165 · przez **wojtas** 10 Lut 2011, 17:54

Avast 5 , Avira

pozdro

Kto jest na forum