Program menadzer zadan przestal działac

**Posty:** 110 · przez **cnx1234** 22 Wrz 2012, 10:53

Witam!
Po właczeniu kompa nagle nie otworzyło mi sie gg i pare programów, jak próbuje je wyłaczyc w menadzerze zadan to wyskakuje komunikat z tematu,
podsumowując nie moge zadnego programu wylaczyc z menadzeru zadan, dodatkowo jescze teraz pierwszy raz przy robieniu loga gmera wyskoczyl mi blue screnn Podpis problemu:

Kod: Zaznacz wszystko: Nazwa zdarzenia problemu: BlueScreen Wersja systemu operacyjnego: 6.1.7600.2.0.0.256.1 Identyfikator ustawień regionalnych: 1045 Dodatkowe informacje o problemie: BCCode: 50 BCP1: AD6F8000 BCP2: 00000000 BCP3: 82A447D3 BCP4: 00000000 OS Version: 6_1_7600 Service Pack: 0_0 Product: 256_1 Pliki pomagające opisać problem: C:\Windows\Minidump\092212-17862-01.dmp C:\Users\Norbert\AppData\Local\Temp\WER-43399-0.sysdata.xml

Extras OTL:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-09-21 22:59:20 - Run 3 OTL by OldTimer - Version 3.2.65.1 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,05% Memory free 4,00 Gb Paging File | 2,51 Gb Available in Paging File | 62,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,03 Gb Total Space | 1,58 Gb Free Space | 3,94% Space Free | Partition Type: NTFS Drive D: | 74,37 Gb Total Space | 22,38 Gb Free Space | 30,10% Space Free | Partition Type: NTFS Computer Name: NORBERTKOMPUTER | User Name: Norbert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02501ED9-3B50-4924-AA99-0A74A61B7014}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{05813A7C-59B1-4846-9B2D-7EB85744A07E}" = lport=137 | protocol=17 | dir=in | app=system | "{0B12E644-0905-49A6-90B5-16BB9F2843C3}" = lport=138 | protocol=17 | dir=in | app=system | "{13F28E5A-2387-4B44-AB1B-75C38E6EC43E}" = rport=10243 | protocol=6 | dir=out | app=system | "{15D37DDC-9632-432E-9357-C34B31058E29}" = lport=445 | protocol=6 | dir=in | app=system | "{1EDBFD15-8BFB-4609-866E-7AEAA0728143}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{232E1C97-74B8-470E-8E2B-618666A2DB6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4199DDF1-FC58-4B68-AE89-C521A12A911A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4AF8F3AF-90B4-4C05-867F-884943B2CA72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FADF458-6F61-426C-BC5A-E9CBE76448AE}" = lport=10243 | protocol=6 | dir=in | app=system | "{630B881F-CB87-43B2-BF32-D2B9F64ABEDF}" = rport=445 | protocol=6 | dir=out | app=system | "{6D6592D8-6B48-4159-A789-5A2C1BF6B5B0}" = lport=139 | protocol=6 | dir=in | app=system | "{846CD4BF-4FD4-49C9-B3E3-737BCE9B6269}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{85DC5BA8-982F-4DAE-8F2D-BF94C415EB99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C81C8EF-9491-4F74-BBA7-9781120AF129}" = rport=139 | protocol=6 | dir=out | app=system | "{AC3D06F4-D085-475A-88F1-97FB9331265F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C61198B5-3755-4C3E-B3AB-0B1C0925F7B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0AE925E-3D11-4507-8330-0D9950E148BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6F88C68-1F3C-4559-A5A4-EA7302B6E4B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB6B35CD-CD05-4DD2-9080-8B5C38B654C8}" = rport=137 | protocol=17 | dir=out | app=system | "{E3EEB1DC-6C53-4269-B74B-434D2322C8B2}" = rport=138 | protocol=17 | dir=out | app=system | "{F120CF65-542C-4936-B5EE-E34BC4E353D1}" = lport=2869 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014D88DD-E043-4BBD-B566-3D0239515325}" = protocol=6 | dir=in | app=d:\progra~1\bittor~1\bittor~1.exe | "{01B11C0D-213A-4DF9-9B25-95D6DB46D90D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{12B207DC-29F7-4D92-9334-7BFEB0DD8C76}" = protocol=17 | dir=in | app=d:\progra~1\bittor~1\bittor~1.exe | "{189A9582-6127-4DE6-811F-63AF368205DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D1BE85A-31BC-43B5-A5E5-F55C7636F236}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\brojanow10\counter-strike\hl.exe | "{2896CCC7-A634-4B4D-B801-7C9DCF511147}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{34FD5658-08B0-46EA-BE9B-AAF732640B9B}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{3A1D3536-0138-4EAD-8F2D-D3BF65E16C94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3E0E467E-F6F4-4E9E-9F8B-879E13BF881C}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{476458C9-E59E-4D3A-B66C-435793027374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4969F4D0-36F1-45E3-A36D-15A6324C6129}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{6196F588-3DED-4E3E-B255-DA2E6F7618DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62E35BC4-FE2E-4594-A274-7802913AAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{70A354A7-9DDD-44CD-87CB-2D4C2E529E9F}" = protocol=6 | dir=out | app=system | "{7EF8F097-654F-4630-81EE-C482FA98447B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{800289B8-C35A-4FA2-9F50-8C038968C043}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{80105DE0-8F4F-4D46-87C1-EA895F6E4FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82579D8D-31D9-40BB-A9C0-9D13BFC7F6F6}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{87353B89-8488-4FED-955F-13A58AC37004}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{89868DB5-41C4-4E8B-8E3D-4EEC3AE3B210}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8CCC7C65-7A7E-484C-A8FA-1306D7C796B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90035D6E-F6D7-4E0E-BD16-B68CDAB9A004}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{93602F12-5FB7-4F17-8FA7-EEE7EEF69489}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96C43BFE-A5CA-4435-9DBF-97BD16D63F87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9DE0A977-6608-43D5-84D0-8B9214981BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3AD345C-7A58-4053-8614-03B8789094EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA91DA7A-309B-486B-A017-1E0117E1F9F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9692DED-78BC-427A-8695-FA51B76473CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\brojanow10\counter-strike\hl.exe | "{D9310E2B-DD8C-4344-B691-BC18CEC9DD37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DA056977-CFC4-4787-AB8E-4F78EAC9D791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1A694B0-2F11-4058-A51E-E3B39834CA4A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{EFC2A1C1-E529-41E3-A1D3-49694D98894E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F501DC98-F255-49E5-A57E-BB05DB3CF858}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAA2F397-E7C0-4409-A78C-6FF98AF0DFEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{0DABA946-0568-4A2C-9372-6645E68201AB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{2017F87E-B0FB-40D7-8AAA-2E61927335FA}D:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files\winamp\winamp.exe | "TCP Query User{27B5F07D-5226-48A9-B809-8A06CF806F67}D:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\call of duty- modern warfare 3\iw5mp_server.exe | "TCP Query User{2E413F29-48C4-4479-8DD6-B617AB52B157}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{311730B7-0BC0-4454-B082-0914A4E17EA8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{33567C55-8954-48D2-8CFE-ECE7F6C2C4FF}D:\program files\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "TCP Query User{4A1B327E-4133-4006-AC7A-EF6C8398FA5A}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{858DC55C-B778-4E70-9366-23204F307148}D:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{85D3C4AE-5078-4F40-B95C-17012490CDC7}C:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe" = protocol=6 | dir=in | app=c:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe | "TCP Query User{86230A39-8A92-4F34-8744-FA4922285369}D:\program files\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "TCP Query User{9066E893-AD46-45A9-8E71-CD4FDB94CCF3}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "TCP Query User{A868C1E4-F30C-4F09-91CF-45B3353670C7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{B0D09364-044A-4534-8EFE-AA6341004541}D:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files\winamp\winamp.exe | "TCP Query User{B6ED0133-C3F1-4737-A16C-7440D447A678}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "TCP Query User{F4B36BB2-A69D-4FFE-B345-68FDCAE0C769}\\toshiba\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=\\toshiba\fifa 12\game\fifa.exe | "UDP Query User{081FB11D-7C75-4A69-B736-478585475843}D:\program files\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "UDP Query User{0BFA8C15-D223-4CC3-A894-C9A7EB5D17E0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{2C221BD0-FE60-45D4-8942-22031C9C03F8}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "UDP Query User{57568CAB-2350-416A-A71E-C8BE130F602A}\\toshiba\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=\\toshiba\fifa 12\game\fifa.exe | "UDP Query User{63A7447B-2B8F-4354-AD8C-B710010616FE}D:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files\winamp\winamp.exe | "UDP Query User{71D67DEB-FC7F-447E-A4F0-21EA347FDF6D}D:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files\winamp\winamp.exe | "UDP Query User{759593F4-6CA5-4390-823B-2CCAA7F324C5}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{8B29536C-4DD3-49DE-A377-F1304B43291A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8B3451CB-AA57-4A94-B7A6-1A828D592152}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "UDP Query User{8C7A3CC8-FA00-46E1-83B6-176EF4AC6A85}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{90187D94-99D6-45D7-9152-6A51AA9E6313}D:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\call of duty- modern warfare 3\iw5mp_server.exe | "UDP Query User{98477B8F-3778-48EF-865E-F38BE0615936}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{B705F981-9F3E-4C7D-A877-AAC77D93A657}D:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{C29FC681-BACF-4CB7-8133-6CF82825D7AC}D:\program files\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "UDP Query User{C5F7DF5E-2B37-430A-A675-A42342518181}C:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe" = protocol=17 | dir=in | app=c:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}" = Sound Blaster X-Fi Surround 5.1 Pro "{16F22B31-9893-414F-98E0-D02CBDC287C9}" = Debugging Tools for Windows "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1 "{ACF5A3DC-D774-4991-860E-0B4D2C372BA6}" = BenQ Web Camera "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "BitTorrent" = BitTorrent "CCleaner" = CCleaner "DirectWave" = DirectWave "DJ Mix Pro" = DJ Mix Pro "Dolby Digital Live Pack" = Dolby Digital Live Pack "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FL Studio 10" = FL Studio 10 "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "IL Download Manager" = IL Download Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Mozilla Firefox 8.0.1 (x86 pl)" = Mozilla Firefox 8.0.1 (x86 pl) "Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.02.1578" = Opera 12.02 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9 "SHOUTcast" = SHOUTcast DSP Plug-in v2 "Steam App 10" = Counter-Strike "Sylenth1_is1" = Sylenth1 v2.20 "SysInfo" = Creative System Information "Sytrus" = Sytrus "TeamSpeak 3 Client" = TeamSpeak 3 Client "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "ZhyperMU Season 6 Ultimate 6.00" = ZhyperMU Season 6 Ultimate 6.00 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2002624568-1494707077-3478833143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era "MediaGet" = Torrent-Client MediaGet "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-20 11:34:13 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: ESENT.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda4f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001133fa Identyfikator procesu powodującego błąd: 0x380 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9744bbd77cbf Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: c:\windows\system32\ESENT.dll Identyfikator raportu: a0d34aee-0338-11e2-b678-90e6bac92931 Error - 2012-09-21 08:26:02 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: ESENT.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda4f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001133fa Identyfikator procesu powodującego błąd: 0x394 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd97f3a5e80eb0 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: c:\windows\system32\ESENT.dll Identyfikator raportu: 816a0abc-03e7-11e2-8be0-90e6bac92931 Error - 2012-09-21 09:34:16 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x688 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd97f5b3dcd657 Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: 0961de62-03f1-11e2-8be0-90e6bac92931 Error - 2012-09-21 15:24:05 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Nazwa modułu powodującego błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00006893 Identyfikator procesu powodującego błąd: 0xad0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd982ea6676e7c Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskkill.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskkill.exe Identyfikator raportu: e7b30f48-0421-11e2-a762-90e6bac92931 Error - 2012-09-21 15:24:05 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Nazwa modułu powodującego błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00006893 Identyfikator procesu powodującego błąd: 0xab8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd982ea6676e7c Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskkill.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskkill.exe Identyfikator raportu: e7bb9ae8-0421-11e2-a762-90e6bac92931 Error - 2012-09-21 15:25:43 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Nazwa modułu powodującego błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00006893 Identyfikator procesu powodującego błąd: 0x868 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd982ee307ba7d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskkill.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskkill.exe Identyfikator raportu: 22466c99-0422-11e2-a762-90e6bac92931 Error - 2012-09-21 15:26:01 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Nazwa modułu powodującego błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000167ed Identyfikator procesu powodującego błąd: 0xe48 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd982ee9122481 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskmgr.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskmgr.exe Identyfikator raportu: 2ccd6edf-0422-11e2-a762-90e6bac92931 Error - 2012-09-21 15:26:17 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Nazwa modułu powodującego błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000167ed Identyfikator procesu powodującego błąd: 0x3ec Godzina uruchomienia aplikacji powodującej błąd: 0x01cd982ef5705eae Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskmgr.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskmgr.exe Identyfikator raportu: 363f5396-0422-11e2-a762-90e6bac92931 Error - 2012-09-21 15:35:53 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Nazwa modułu powodującego błąd: taskkill.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc9e7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00006893 Identyfikator procesu powodującego błąd: 0xec8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd98304de86e61 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskkill.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskkill.exe Identyfikator raportu: 8db0ebf2-0423-11e2-9b10-90e6bac92931 Error - 2012-09-21 15:36:39 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Nazwa modułu powodującego błąd: taskmgr.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc13c Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000167ed Identyfikator procesu powodującego błąd: 0xd9c Godzina uruchomienia aplikacji powodującej błąd: 0x01cd98305fc487f3 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\taskmgr.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\taskmgr.exe Identyfikator raportu: a93d53b5-0423-11e2-9b10-90e6bac92931 [ Media Center Events ] Error - 2012-05-17 14:56:22 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 20:56:22 - Nie można pobrać pakietu Directory (Błąd: Nie można połączyć się z serwerem zdalnym) Error - 2012-05-17 14:58:41 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 20:58:41 - Nie można pobrać pakietu MCESpotlight (Błąd: Połączenie podstawowe zostało zakończone: Wystąpił nieoczekiwany błąd przy odbiorze.) Error - 2012-09-13 07:58:07 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 13:58:06 - Błąd podczas nawiązywania połączenia z Internetem. 13:58:06 - Nie można skontaktować się z serwerem.. Error - 2012-09-13 07:58:17 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 13:58:12 - Błąd podczas nawiązywania połączenia z Internetem. 13:58:12 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa profilów użytkowników niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Harmonogram zadań niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa powiadamiania o zdarzeniach systemowych niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Wykrywanie sprzętu powłoki niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Kompozycje niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Instrumentacja zarządzania Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-09-21 16:15:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Update niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjnaVistaSp1Sytrus58: Uruchom usługę ponownie. Error - 2012-09-21 16:16:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Serwer, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-09-21 16:17:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Instrumentacja zarządzania Windows, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-09-21 16:17:19 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Przeglądarka komputera, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. < End of report >

otl txt

Kod: Zaznacz wszystko: OTL logfile created on: 2012-09-21 22:59:20 - Run 3 OTL by OldTimer - Version 3.2.65.1 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,05% Memory free 4,00 Gb Paging File | 2,51 Gb Available in Paging File | 62,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,03 Gb Total Space | 1,58 Gb Free Space | 3,94% Space Free | Partition Type: NTFS Drive D: | 74,37 Gb Total Space | 22,38 Gb Free Space | 30,10% Space Free | Partition Type: NTFS Computer Name: NORBERTKOMPUTER | User Name: Norbert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-09-21 22:27:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012-09-19 17:30:42 | 000,049,152 | RHS- | M] () -- C:\Users\Norbert\xoausuf.exe PRC - [2012-09-03 18:29:07 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-05-15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012-05-15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-07-11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\Winamp\winampa.exe PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-02-12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2007-07-23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2007-02-01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe PRC - [2004-04-09 13:29:54 | 000,307,273 | ---- | M] () -- C:\Program Files\Common Files\BenQCam\KillAmp.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-09-19 17:30:42 | 000,049,152 | RHS- | M] () -- C:\Users\Norbert\xoausuf.exe MOD - [2012-09-03 18:29:08 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2012-09-03 18:29:08 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-09-03 18:29:08 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-09-03 18:29:08 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-09-03 18:29:08 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-09-03 18:29:08 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-09-03 18:29:08 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-09-03 18:29:08 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-09-03 18:29:08 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-09-03 18:29:08 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-09-03 18:29:08 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-09-03 18:29:08 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-09-03 18:29:08 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012-08-25 10:38:17 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll MOD - [2010-07-22 17:45:00 | 000,181,760 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2009-12-29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL MOD - [2004-04-09 13:29:54 | 000,307,273 | ---- | M] () -- C:\Program Files\Common Files\BenQCam\KillAmp.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-09-21 22:36:54 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-09-08 09:57:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-12-07 17:52:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011-12-07 17:51:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010-02-12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Norbert\AppData\Local\Temp\kwwdqpoc.sys -- (kwwdqpoc) DRV - [2012-05-15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-07-30 03:32:44 | 001,255,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-05-13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2008-10-24 04:54:44 | 000,035,328 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2008-10-24 04:54:44 | 000,035,328 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2007-12-03 04:19:42 | 000,019,968 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-13 00:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-29 19:00:37 | 000,000,000 | ---D | M] [2011-10-19 16:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\Extensions [2012-06-10 11:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-06-10 11:16:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2012-05-13 00:56:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-04-25 16:40:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-07-11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-05-13 00:56:01 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-05-13 00:56:01 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-05-13 00:56:01 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-05-13 00:56:01 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-05-13 00:56:01 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-05-13 00:56:01 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: YouTube = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000..\Run: [xoausuf] C:\Users\Norbert\xoausuf.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.205.88.5 91.205.91.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24EC7EFD-5854-4A29-A56D-E37F8573928E}: DhcpNameServer = 91.205.88.5 91.205.91.205 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-09-21 22:13:38 | 000,000,000 | R--D | C] -- C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9 [2012-09-21 21:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2012-08-25 10:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-08-25 10:43:16 | 000,000,000 | ---D | C] -- C:\Users\Norbert\AppData\Local\Google [2012-08-25 10:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-09-21 22:58:49 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-09-21 22:36:57 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-09-21 22:36:50 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-09-21 22:36:50 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-09-21 22:16:20 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-09-21 22:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-09-21 22:11:15 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2012-09-21 22:10:46 | 000,013,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-09-21 22:10:45 | 000,013,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-09-21 21:51:21 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\OpenFM.lnk [2012-09-21 21:51:21 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-09-21 07:37:07 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-09-21 07:37:07 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-09-21 07:37:07 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-09-21 07:37:07 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-09-19 17:30:42 | 000,049,152 | RHS- | M] () -- C:\Users\Norbert\xoausuf.exe [2012-09-18 19:35:11 | 001,099,496 | ---- | M] () -- C:\Users\Norbert\Desktop\Far East Movement ft. Cover Drive - Turn Up The Love (LMFAO Extended Mix)www.party-sound.pl.mp3 [2012-09-18 17:29:22 | 000,235,565 | ---- | M] () -- C:\Users\Norbert\Documents\disssco.png [2012-09-18 17:21:43 | 000,249,420 | ---- | M] () -- C:\Users\Norbert\Desktop\dsc.png [2012-09-15 17:19:24 | 000,383,573 | ---- | M] () -- C:\Users\Norbert\Desktop\skin.jpg [2012-09-15 11:39:04 | 000,161,911 | ---- | M] () -- C:\Users\Norbert\Documents\Bez tytułu.png [2012-09-09 16:56:33 | 000,270,058 | ---- | M] () -- C:\Users\Norbert\Desktop\photo.htm [2012-09-05 16:55:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-08-28 22:47:45 | 000,000,072 | ---- | M] () -- C:\Users\Norbert\Desktop\atmosfera.pls [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-09-21 21:51:21 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\OpenFM.lnk [2012-09-21 21:51:21 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-09-21 21:51:11 | 000,000,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2012-09-19 17:30:42 | 000,049,152 | RHS- | C] () -- C:\Users\Norbert\xoausuf.exe [2012-09-18 19:35:04 | 001,099,496 | ---- | C] () -- C:\Users\Norbert\Desktop\Far East Movement ft. Cover Drive - Turn Up The Love (LMFAO Extended Mix)www.party-sound.pl.mp3 [2012-09-18 17:28:49 | 000,235,565 | ---- | C] () -- C:\Users\Norbert\Documents\disssco.png [2012-09-18 17:21:43 | 000,249,420 | ---- | C] () -- C:\Users\Norbert\Desktop\dsc.png [2012-09-15 17:19:24 | 000,383,573 | ---- | C] () -- C:\Users\Norbert\Desktop\skin.jpg [2012-09-15 11:38:35 | 000,161,911 | ---- | C] () -- C:\Users\Norbert\Documents\Bez tytułu.png [2012-09-09 16:56:33 | 000,270,058 | ---- | C] () -- C:\Users\Norbert\Desktop\photo.htm [2012-08-28 22:47:45 | 000,000,072 | ---- | C] () -- C:\Users\Norbert\Desktop\atmosfera.pls [2012-08-25 10:43:38 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-08-25 10:43:21 | 000,001,038 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-08-25 10:43:20 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-26 22:38:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012-06-15 23:32:50 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012-02-13 15:09:39 | 000,414,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011-12-19 19:04:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\MagDietUninstall.exe [2011-12-07 17:54:34 | 000,181,760 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2011-12-07 17:54:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2011-12-07 17:54:10 | 000,044,795 | R--- | C] () -- C:\Windows\System32\kschimp.ini [2011-12-07 17:53:47 | 000,034,637 | ---- | C] () -- C:\Windows\System32\ksaud.ini [2011-12-07 17:53:47 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini [2011-10-19 20:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\directx.sys [2011-09-21 18:27:35 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011-09-21 18:27:35 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2011-09-21 18:27:03 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2011-09-21 18:27:03 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011-09-17 13:26:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011-09-17 13:23:10 | 000,017,223 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011-09-17 12:50:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-09-17 12:50:43 | 000,012,163 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-09-08 19:43:40 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\LocalLow\Microsoft\Silverlight\is\qg0ndum1.q2m\3qeayk5e.4nx\1\l [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [color=#E56717]========== LOP Check ==========[/color] [2012-09-07 01:00:31 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\BitTorrent [2012-02-15 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\DAEMON Tools Lite [2011-09-17 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Gadu-Gadu 10 [2011-10-31 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Image-Line [2011-09-17 21:42:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\LolClient [2012-05-25 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\LolClient2 [2011-09-17 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Media Get LLC [2011-11-14 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\OpenFM [2011-09-17 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Opera [2012-02-13 21:12:54 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Publish Providers [2012-07-25 22:40:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\QuickStoresToolbar [2012-02-13 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Sony [2012-06-25 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\TS3Client [color=#E56717]========== Purity Check ==========[/color] < End of report >

Gmer:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-22 10:52:26 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 Maxtor_6B120P0 rev.BAH41B70 Running: gyfm80sr.exe; Driver: C:\Users\Norbert\AppData\Local\Temp\kwwdqpoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A47579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6BF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text autochk.exe 004111D1 3 Bytes [44, 12, 41] .text autochk.exe 004111D5 2 Bytes [8D, 49] .text autochk.exe 004111D8 3 Bytes [3B, 12, 41] {CMP EDX, [EDX]; INC ECX} .text autochk.exe 004111DC 3 Bytes [28, 12, 41] {SUB [EDX], DL; INC ECX} .text autochk.exe 004111E0 3 Bytes [20, 12, 41] {AND [EDX], DL; INC ECX} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[148] ntdll.dll!LdrLoadDll 77BAF585 5 Bytes JMP 67B23690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\2011-07-04 19\Users\Public\Desktop\Google ChromeMozilla Firefox\firefox.exe[148] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[148] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Windows\system32\taskhost.exe[636] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Windows\system32\taskhost.exe[636] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2084] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2084] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Windows\system32\Dwm.exe[2144] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Windows\system32\Dwm.exe[2144] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2336] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2336] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[2364] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[2364] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Windows\System32\rundll32.exe[2392] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Windows\System32\rundll32.exe[2392] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[2408] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[2408] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2452] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2452] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text D:\Program Files\Winamp\winampa.exe[2620] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text D:\Program Files\Winamp\winampa.exe[2620] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Common Files\BenQCam\KillAmp.exe[2908] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Common Files\BenQCam\KillAmp.exe[2908] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2948] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2948] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe[3068] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe[3068] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] .text C:\Program Files\Opera\opera.exe[3520] kernel32.dll!TerminateProcess 75FE509B 1 Byte [C3] .text C:\Program Files\Opera\opera.exe[3520] kernel32.dll!TerminateThread 75FF2DE5 1 Byte [C3] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2168] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2392] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3748] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3748] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3748] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3748] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BF5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000042 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0xF3 0xDD 0x51 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0xF3 0xDD 0x51 ... Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}@ AutoCaption Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\ProxyStubClsid Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\ProxyStubClsid@ {00020424-0000-0000-C800-000080000046} Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\ProxyStubClsid;2 Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\ProxyStubClsid;2@ {00020424-0000-0000-C000-000080000046} Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\TypeLib Reg HKLM\SOFTWARE\Classes\Interface\{0002097B-0000-0000-C080-000008000046}\TypeLib@Version 8.4 Reg HKLM\SOFTWARE\Classes\Interface\{0002097C-0000-0000-C080-000000000046}@ Indexes ---- EOF - GMER 1.0.15 ----

dll (Microsoft GDI+/Microsoft Corporation)
IAT C2392

**Posty:** 72 · przez **ytaszey** 22 Wrz 2012, 12:15

W Panelu Sterowania odinstaluj QuickStores-Toolbar. W razie problemów kontynuuj.

Uruchom OTL. W okno Własne opcje skanowana / skrypt wklej (zaczynając od dwukropka)

:OTL
[2012-06-10 11:16:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000..\Run: [xoausuf] C:\Users\Norbert\xoausuf.exe ()

:Files
C:\Users\Norbert\xoausuf.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

:Commands
[emptytemp]

Kliknij Wykonaj skrypt. Zgódź się na ponowne uruchomienie (restart).
Po wszystkim pokazujesz nowy log Skanuj i raport z usuwania OTL.

Przeskanuj http://www.freedrweb.com/cureit/?lng=en

**Posty:** 110 · przez **cnx1234** 22 Wrz 2012, 14:09

raport :

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully. Registry value HKEY_USERS\S-1-5-21-2002624568-1494707077-3478833143-1000\Software\Microsoft\Windows\CurrentVersion\Run\\xoausuf deleted successfully. C:\Users\Norbert\xoausuf.exe moved successfully. ========== FILES ========== File\Folder C:\Users\Norbert\xoausuf.exe not found. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|dword:00000000 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|dword:00000000 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"**del.DisableTaskMgr"|" " /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\"DisableTaskMgr"|dword:00000000 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Norbert ->Temp folder emptied: 184540575 bytes ->Temporary Internet Files folder emptied: 25810093 bytes ->Java cache emptied: 15568417 bytes ->FireFox cache emptied: 44755725 bytes ->Google Chrome cache emptied: 30254190 bytes ->Opera cache emptied: 77203905 bytes ->Flash cache emptied: 60201 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1619120 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10448353 bytes RecycleBin emptied: 9100230283 bytes Total Files Cleaned = 9 051,00 mb OTL by OldTimer - Version 3.2.65.1 log created on 09222012_140037 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

i z czego nowy log ? dr web czy otl ?

**Posty:** 72 · przez **ytaszey** 22 Wrz 2012, 14:12

Daj nowy log z dr.web, z otl i daj znać czy problemy ustąpiły.

Autor postu otrzymał pochwałę

**Posty:** 110 · przez **cnx1234** 04 Paź 2012, 22:27

jednak nie jest dobrze wszystko, muli strasznie dalej przy zwyklym odswiezaniu pulpitu wykorzystanie procka 50%, nawet muza jak leci to tnie co jakis czas. Z dr web nie wykrylo zadnego wirusa ani nic. a to OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-10-03 15:47:49 - Run 4 OTL by OldTimer - Version 3.2.65.1 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,91% Memory free 4,00 Gb Paging File | 2,62 Gb Available in Paging File | 65,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,03 Gb Total Space | 5,04 Gb Free Space | 12,60% Space Free | Partition Type: NTFS Drive D: | 74,37 Gb Total Space | 26,90 Gb Free Space | 36,17% Space Free | Partition Type: NTFS Computer Name: NORBERTKOMPUTER | User Name: Norbert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-09-21 22:27:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012-09-03 18:29:07 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-05-15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012-05-15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-07-11 23:48:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\Winamp\winamp.exe PRC - [2011-07-11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\Winamp\winampa.exe PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- D:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-10-13 18:41:50 | 022,738,669 | ---- | M] (Atomix Productions) -- C:\Users\Norbert\Desktop\virtualdj_pro.exe PRC - [2010-02-12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2007-07-23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2007-02-01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe PRC - [2004-04-09 13:29:54 | 000,307,273 | ---- | M] () -- C:\Program Files\Common Files\BenQCam\KillAmp.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-10-03 15:39:22 | 000,323,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\winamp.lng MOD - [2012-10-03 15:39:22 | 000,161,792 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\vis_milk2.lng MOD - [2012-10-03 15:39:22 | 000,087,552 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\vis_avs.lng MOD - [2012-10-03 15:39:22 | 000,054,272 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_local.lng MOD - [2012-10-03 15:39:22 | 000,046,592 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_pmp.lng MOD - [2012-10-03 15:39:22 | 000,041,984 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_wifi.lng MOD - [2012-10-03 15:39:22 | 000,036,864 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ombrowser.lng MOD - [2012-10-03 15:39:22 | 000,016,896 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\out_ds.lng MOD - [2012-10-03 15:39:22 | 000,014,336 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_wire.lng MOD - [2012-10-03 15:39:22 | 000,014,336 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_online.lng MOD - [2012-10-03 15:39:22 | 000,013,312 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_playlists.lng MOD - [2012-10-03 15:39:22 | 000,012,800 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_plg.lng MOD - [2012-10-03 15:39:22 | 000,010,752 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_usb.lng MOD - [2012-10-03 15:39:22 | 000,010,752 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_android.lng MOD - [2012-10-03 15:39:22 | 000,009,216 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_downloads.lng MOD - [2012-10-03 15:39:22 | 000,008,704 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_history.lng MOD - [2012-10-03 15:39:22 | 000,008,192 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_transcode.lng MOD - [2012-10-03 15:39:22 | 000,007,680 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\vis_nsfs.lng MOD - [2012-10-03 15:39:22 | 000,007,168 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\out_wave.lng MOD - [2012-10-03 15:39:22 | 000,006,656 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_ipod.lng MOD - [2012-10-03 15:39:22 | 000,006,144 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\tagz.lng MOD - [2012-10-03 15:39:22 | 000,006,144 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\out_disk.lng MOD - [2012-10-03 15:39:22 | 000,005,632 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_rg.lng MOD - [2012-10-03 15:39:22 | 000,005,120 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_impex.lng MOD - [2012-10-03 15:39:22 | 000,004,608 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_activesync.lng MOD - [2012-10-03 15:39:22 | 000,004,096 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_p4s.lng MOD - [2012-10-03 15:39:22 | 000,004,096 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_orb.lng MOD - [2012-10-03 15:39:22 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\winampa.lng MOD - [2012-10-03 15:39:22 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\pmp_njb.lng MOD - [2012-10-03 15:39:22 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_nowplaying.lng MOD - [2012-10-03 15:39:22 | 000,003,072 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\playlist.lng MOD - [2012-10-03 15:39:21 | 000,047,616 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_disc.lng MOD - [2012-10-03 15:39:21 | 000,022,528 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_mp3.lng MOD - [2012-10-03 15:39:21 | 000,020,992 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_midi.lng MOD - [2012-10-03 15:39:21 | 000,018,432 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_mod.lng MOD - [2012-10-03 15:39:21 | 000,014,848 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_wm.lng MOD - [2012-10-03 15:39:21 | 000,013,312 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_cdda.lng MOD - [2012-10-03 15:39:21 | 000,011,264 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_vorbis.lng MOD - [2012-10-03 15:39:21 | 000,011,264 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_nsv.lng MOD - [2012-10-03 15:39:21 | 000,008,192 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_devices.lng MOD - [2012-10-03 15:39:21 | 000,007,680 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_tray.lng MOD - [2012-10-03 15:39:21 | 000,007,168 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_autotag.lng MOD - [2012-10-03 15:39:21 | 000,007,168 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_dshow.lng MOD - [2012-10-03 15:39:21 | 000,007,168 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_orgler.lng MOD - [2012-10-03 15:39:21 | 000,006,144 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_flac.lng MOD - [2012-10-03 15:39:21 | 000,005,632 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_wave.lng MOD - [2012-10-03 15:39:21 | 000,005,120 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_bookmarks.lng MOD - [2012-10-03 15:39:21 | 000,005,120 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_avi.lng MOD - [2012-10-03 15:39:21 | 000,004,608 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_mp4.lng MOD - [2012-10-03 15:39:21 | 000,004,608 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_mkv.lng MOD - [2012-10-03 15:39:21 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\ml_addons.lng MOD - [2012-10-03 15:39:21 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_swf.lng MOD - [2012-10-03 15:39:21 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_linein.lng MOD - [2012-10-03 15:39:21 | 000,003,584 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\in_flv.lng MOD - [2012-10-03 15:39:20 | 000,040,448 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_jumpex.lng MOD - [2012-10-03 15:39:20 | 000,021,504 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_ml.lng MOD - [2012-10-03 15:39:20 | 000,011,264 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_hotkeys.lng MOD - [2012-10-03 15:39:19 | 000,022,016 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_ff.lng MOD - [2012-10-03 15:39:19 | 000,007,168 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\gen_crasher.lng MOD - [2012-10-03 15:39:19 | 000,006,144 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\enc_wma.lng MOD - [2012-10-03 15:39:19 | 000,004,096 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\enc_wav.lng MOD - [2012-10-03 15:39:18 | 000,066,560 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\burnlib.lng MOD - [2012-10-03 15:39:18 | 000,012,800 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\dsp_sps.lng MOD - [2012-10-03 15:39:18 | 000,011,264 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\auth.lng MOD - [2012-10-03 15:39:18 | 000,006,656 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\enc_fhgaac.lng MOD - [2012-10-03 15:39:18 | 000,005,632 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\enc_lame.lng MOD - [2012-10-03 15:39:18 | 000,004,096 | ---- | M] () -- C:\Users\Norbert\AppData\Local\Temp\WLZ1A53.tmp\enc_flac.lng MOD - [2012-09-03 18:29:08 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2012-09-03 18:29:08 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-09-03 18:29:08 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-09-03 18:29:08 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-09-03 18:29:08 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-09-03 18:29:08 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-09-03 18:29:08 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-09-03 18:29:08 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-09-03 18:29:08 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-09-03 18:29:08 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-09-03 18:29:08 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-09-03 18:29:08 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-09-03 18:29:08 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012-08-25 10:38:17 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012-07-29 19:00:39 | 001,737,728 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_ff.dll MOD - [2012-07-29 19:00:39 | 000,623,616 | ---- | M] () -- D:\Program Files\Winamp\System\jnetlib.w5s MOD - [2012-07-29 19:00:39 | 000,410,624 | ---- | M] () -- D:\Program Files\Winamp\nsutil.dll MOD - [2012-07-29 19:00:39 | 000,340,992 | ---- | M] () -- D:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac MOD - [2012-07-29 19:00:39 | 000,313,344 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_wm.dll MOD - [2012-07-29 19:00:39 | 000,312,832 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_ml.dll MOD - [2012-07-29 19:00:39 | 000,293,376 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_local.dll MOD - [2012-07-29 19:00:39 | 000,285,696 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_mp3.dll MOD - [2012-07-29 19:00:39 | 000,253,440 | ---- | M] () -- D:\Program Files\Winamp\libsndfile.dll MOD - [2012-07-29 19:00:39 | 000,252,416 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_vorbis.dll MOD - [2012-07-29 19:00:39 | 000,249,856 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_devices.dll MOD - [2012-07-29 19:00:39 | 000,240,640 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_pmp.dll MOD - [2012-07-29 19:00:39 | 000,200,192 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_disc.dll MOD - [2012-07-29 19:00:39 | 000,183,808 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_jumpex.dll MOD - [2012-07-29 19:00:39 | 000,174,080 | ---- | M] () -- D:\Program Files\Winamp\System\auth.w5s MOD - [2012-07-29 19:00:39 | 000,170,496 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_ipod.dll MOD - [2012-07-29 19:00:39 | 000,165,376 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_mod.dll MOD - [2012-07-29 19:00:39 | 000,154,624 | ---- | M] () -- D:\Program Files\Winamp\System\jpeg.w5s MOD - [2012-07-29 19:00:39 | 000,124,928 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_online.dll MOD - [2012-07-29 19:00:39 | 000,118,272 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_p4s.dll MOD - [2012-07-29 19:00:39 | 000,113,152 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_wifi.dll MOD - [2012-07-29 19:00:39 | 000,109,568 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_midi.dll MOD - [2012-07-29 19:00:39 | 000,103,936 | ---- | M] () -- D:\Program Files\Winamp\System\png.w5s MOD - [2012-07-29 19:00:39 | 000,102,400 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_cdda.dll MOD - [2012-07-29 19:00:39 | 000,090,112 | ---- | M] () -- D:\Program Files\Winamp\System\xml.w5s MOD - [2012-07-29 19:00:39 | 000,084,480 | ---- | M] () -- D:\Program Files\Winamp\System\playlist.w5s MOD - [2012-07-29 19:00:39 | 000,083,968 | ---- | M] () -- D:\Program Files\Winamp\tataki.dll MOD - [2012-07-29 19:00:39 | 000,083,456 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_plg.dll MOD - [2012-07-29 19:00:39 | 000,082,944 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_playlists.dll MOD - [2012-07-29 19:00:39 | 000,078,848 | ---- | M] () -- D:\Program Files\Winamp\nde.dll MOD - [2012-07-29 19:00:39 | 000,074,752 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_nsv.dll MOD - [2012-07-29 19:00:39 | 000,072,192 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_dshow.dll MOD - [2012-07-29 19:00:39 | 000,068,608 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_avi.dll MOD - [2012-07-29 19:00:39 | 000,060,928 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_android.dll MOD - [2012-07-29 19:00:39 | 000,060,928 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_flac.dll MOD - [2012-07-29 19:00:39 | 000,057,344 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_impex.dll MOD - [2012-07-29 19:00:39 | 000,057,344 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_orgler.dll MOD - [2012-07-29 19:00:39 | 000,053,760 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_usb.dll MOD - [2012-07-29 19:00:39 | 000,052,224 | ---- | M] () -- D:\Program Files\Winamp\Plugins\out_ds.dll MOD - [2012-07-29 19:00:39 | 000,052,224 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_history.dll MOD - [2012-07-29 19:00:39 | 000,050,688 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_mp4.dll MOD - [2012-07-29 19:00:39 | 000,049,152 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_mkv.dll MOD - [2012-07-29 19:00:39 | 000,047,616 | ---- | M] () -- D:\Program Files\Winamp\zlib.dll MOD - [2012-07-29 19:00:39 | 000,044,544 | ---- | M] () -- D:\Program Files\Winamp\System\devices.w5s MOD - [2012-07-29 19:00:39 | 000,043,008 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_flv.dll MOD - [2012-07-29 19:00:39 | 000,035,328 | ---- | M] () -- D:\Program Files\Winamp\System\timer.w5s MOD - [2012-07-29 19:00:39 | 000,033,792 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_rg.dll MOD - [2012-07-29 19:00:39 | 000,031,744 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_transcode.dll MOD - [2012-07-29 19:00:39 | 000,028,672 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_autotag.dll MOD - [2012-07-29 19:00:39 | 000,027,648 | ---- | M] () -- D:\Program Files\Winamp\Plugins\ml_bookmarks.dll MOD - [2012-07-29 19:00:39 | 000,027,648 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_hotkeys.dll MOD - [2012-07-29 19:00:39 | 000,025,600 | ---- | M] () -- D:\Program Files\Winamp\Plugins\gen_tray.dll MOD - [2012-07-29 19:00:39 | 000,023,552 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_swf.dll MOD - [2012-07-29 19:00:39 | 000,023,040 | ---- | M] () -- D:\Program Files\Winamp\System\albumart.w5s MOD - [2012-07-29 19:00:39 | 000,022,528 | ---- | M] () -- D:\Program Files\Winamp\Plugins\out_disk.dll MOD - [2012-07-29 19:00:39 | 000,021,504 | ---- | M] () -- D:\Program Files\Winamp\System\tagz.w5s MOD - [2012-07-29 19:00:39 | 000,020,480 | ---- | M] () -- D:\Program Files\Winamp\Plugins\pmp_njb.dll MOD - [2012-07-29 19:00:39 | 000,019,456 | ---- | M] () -- D:\Program Files\Winamp\System\gif.w5s MOD - [2012-07-29 19:00:39 | 000,019,456 | ---- | M] () -- D:\Program Files\Winamp\System\bmp.w5s MOD - [2012-07-29 19:00:39 | 000,018,432 | ---- | M] () -- D:\Program Files\Winamp\Plugins\out_wave.dll MOD - [2012-07-29 19:00:39 | 000,016,896 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_wave.dll MOD - [2012-07-29 19:00:39 | 000,016,896 | ---- | M] () -- D:\Program Files\Winamp\System\dlmgr.w5s MOD - [2012-07-29 19:00:39 | 000,016,384 | ---- | M] () -- D:\Program Files\Winamp\System\gracenote.w5s MOD - [2012-07-29 19:00:39 | 000,014,336 | ---- | M] () -- D:\Program Files\Winamp\System\filereader.w5s MOD - [2012-07-29 19:00:39 | 000,013,824 | ---- | M] () -- D:\Program Files\Winamp\System\primo.w5s MOD - [2012-07-29 19:00:39 | 000,007,168 | ---- | M] () -- D:\Program Files\Winamp\Plugins\in_linein.dll MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\zlib1.dll MOD - [2010-07-22 17:45:00 | 000,181,760 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2009-12-29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL MOD - [2009-04-12 15:10:58 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\VideoTransition\default.dll MOD - [2007-10-04 16:37:26 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\brake.dll MOD - [2007-10-04 16:35:40 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\backspin.dll MOD - [2006-08-07 10:11:56 | 000,557,056 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\BeatGrid.dll MOD - [2004-04-27 04:36:58 | 000,045,056 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\overloop.dll MOD - [2004-04-09 13:29:54 | 000,307,273 | ---- | M] () -- C:\Program Files\Common Files\BenQCam\KillAmp.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-09-21 22:36:54 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-09-08 09:57:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-05-15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-12-07 17:52:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011-12-07 17:51:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010-02-12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012-05-15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-07-30 03:32:44 | 001,255,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009-05-13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2008-10-24 04:54:44 | 000,035,328 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2008-10-24 04:54:44 | 000,035,328 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2007-12-03 04:19:42 | 000,019,968 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-13 00:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-29 19:00:37 | 000,000,000 | ---D | M] [2011-10-19 16:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\Extensions [2012-06-10 11:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-05-13 00:56:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-04-25 16:40:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-07-11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-05-13 00:56:01 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-05-13 00:56:01 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-05-13 00:56:01 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-05-13 00:56:01 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-05-13 00:56:01 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-05-13 00:56:01 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstre2012-09-03 1839 | 000,016,896 | ---- | Mdll MOD - aming.dll CHR - Extension: YouTube = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2002624568-1494707077-3478833143-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.205.88.5 91.205.91.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24EC7EFD-5854-4A29-A56D-E37F8573928E}: DhcpNameServer = 91.205.88.5 91.205.91.205 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-10-03 15:34:11 | 000,000,000 | R--D | C] -- C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9 [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-10-03 15:47:24 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-10-03 15:35:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-10-03 15:33:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-10-03 15:33:50 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2012-10-02 23:53:06 | 000,013,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-10-02 23:53:06 | 000,013,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-10-02 22:58:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-09-27 20:02:07 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-09-25 14:42:57 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-09-25 14:42:57 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-09-25 14:42:57 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-09-25 14:42:57 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-09-22 18:26:31 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\OpenFM.lnk [2012-09-22 18:26:31 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-09-21 22:36:50 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-09-21 22:36:50 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-09-18 19:35:11 | 001,099,496 | ---- | M] () -- C:\Users\Norbert\Desktop\Far East Movement ft. Cover Drive - Turn Up The Love (LMFAO Extended Mix)www.party-sound.pl.mp3 [2012-09-18 17:29:22 | 000,235,565 | ---- | M] () -- C:\Users\Norbert\Documents\disssco.png [2012-09-18 17:21:43 | 000,249,420 | ---- | M] () -- C:\Users\Norbert\Desktop\dsc.png [2012-09-15 17:19:24 | 000,383,573 | ---- | M] () -- C:\Users\Norbert\Desktop\skin.jpg [2012-09-15 11:39:04 | 000,161,911 | ---- | M] () -- C:\Users\Norbert\Documents\Bez tytułu.png [2012-09-09 16:56:33 | 000,270,058 | ---- | M] () -- C:\Users\Norbert\Desktop\photo.htm [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-09-22 18:26:31 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\OpenFM.lnk [2012-09-22 18:26:31 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-09-22 18:26:23 | 000,000,678 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2012-09-18 19:35:04 | 001,099,496 | ---- | C] () -- C:\Users\Norbert\Desktop\Far East Movement ft. Cover Drive - Turn Up The Love (LMFAO Extended Mix)www.party-sound.pl.mp3 [2012-09-18 17:28:49 | 000,235,565 | ---- | C] () -- C:\Users\Norbert\Documents\disssco.png [2012-09-18 17:21:43 | 000,249,420 | ---- | C] () -- C:\Users\Norbert\Desktop\dsc.png [2012-09-15 17:19:24 | 000,383,573 | ---- | C] () -- C:\Users\Norbert\Desktop\skin.jpg [2012-09-15 11:38:35 | 000,161,911 | ---- | C] () -- C:\Users\Norbert\Documents\Bez tytułu.png [2012-09-09 16:56:33 | 000,270,058 | ---- | C] () -- C:\Users\Norbert\Desktop\photo.htm [2012-07-26 22:38:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012-06-15 23:32:50 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012-02-13 15:09:39 | 000,414,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011-12-19 19:04:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\MagDietUninstall.exe [2011-12-07 17:54:34 | 000,181,760 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2011-12-07 17:54:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2011-12-07 17:54:10 | 000,044,795 | R--- | C] () -- C:\Windows\System32\kschimp.ini [2011-12-07 17:53:47 | 000,034,637 | ---- | C] () -- C:\Windows\System32\ksaud.ini [2011-12-07 17:53:47 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini [2011-10-19 20:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\directx.sys [2011-09-21 18:27:35 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011-09-21 18:27:35 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2011-09-21 18:27:03 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2011-09-21 18:27:03 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011-09-17 13:26:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011-09-17 13:23:10 | 000,017,223 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011-09-17 12:50:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011-09-17 12:50:43 | 000,012,163 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [color=#E56717]========== LOP Check ==========[/color] [2012-09-07 01:00:31 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\BitTorrent [2012-02-15 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\DAEMON Tools Lite [2011-09-17 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Gadu-Gadu 10 [2011-10-31 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Image-Line [2011-09-17 21:42:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\LolClient [2012-05-25 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\LolClient2 [2011-09-17 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Media Get LLC [2011-11-14 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\OpenFM [2011-09-17 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Opera [2012-02-13 21:12:54 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Publish Providers [2012-02-13 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Sony [2012-06-25 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\TS3Client [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-10-03 15:47:49 - Run 4 OTL by OldTimer - Version 3.2.65.1 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,91% Memory free 4,00 Gb Paging File | 2,62 Gb Available in Paging File | 65,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40,03 Gb Total Space | 5,04 Gb Free Space | 12,60% Space Free | Partition Type: NTFS Drive D: | 74,37 Gb Total Space | 26,90 Gb Free Space | 36,17% Space Free | Partition Type: NTFS Computer Name: NORBERTKOMPUTER | User Name: Norbert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02501ED9-3B50-4924-AA99-0A74A61B7014}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{05813A7C-59B1-4846-9B2D-7EB85744A07E}" = lport=137 | protocol=17 | dir=in | app=system | "{0B12E644-0905-49A6-90B5-16BB9F2843C3}" = lport=138 | protocol=17 | dir=in | app=system | "{13F28E5A-2387-4B44-AB1B-75C38E6EC43E}" = rport=10243 | protocol=6 | dir=out | app=system | "{15D37DDC-9632-432E-9357-C34B31058E29}" = lport=445 | protocol=6 | dir=in | app=system | "{1EDBFD15-8BFB-4609-866E-7AEAA0728143}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{232E1C97-74B8-470E-8E2B-618666A2DB6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4199DDF1-FC58-4B68-AE89-C521A12A911A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4AF8F3AF-90B4-4C05-867F-884943B2CA72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FADF458-6F61-426C-BC5A-E9CBE76448AE}" = lport=10243 | protocol=6 | dir=in | app=system | "{630B881F-CB87-43B2-BF32-D2B9F64ABEDF}" = rport=445 | protocol=6 | dir=out | app=system | "{6D6592D8-6B48-4159-A789-5A2C1BF6B5B0}" = lport=139 | protocol=6 | dir=in | app=system | "{846CD4BF-4FD4-49C9-B3E3-737BCE9B6269}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{85DC5BA8-982F-4DAE-8F2D-BF94C415EB99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C81C8EF-9491-4F74-BBA7-9781120AF129}" = rport=139 | protocol=6 | dir=out | app=system | "{AC3D06F4-D085-475A-88F1-97FB9331265F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C61198B5-3755-4C3E-B3AB-0B1C0925F7B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0AE925E-3D11-4507-8330-0D9950E148BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6F88C68-1F3C-4559-A5A4-EA7302B6E4B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB6B35CD-CD05-4DD2-9080-8B5C38B654C8}" = rport=137 | protocol=17 | dir=out | app=system | "{E3EEB1DC-6C53-4269-B74B-434D2322C8B2}" = rport=138 | protocol=17 | dir=out | app=system | "{F120CF65-542C-4936-B5EE-E34BC4E353D1}" = lport=2869 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014D88DD-E043-4BBD-B566-3D0239515325}" = protocol=6 | dir=in | app=d:\progra~1\bittor~1\bittor~1.exe | "{01B11C0D-213A-4DF9-9B25-95D6DB46D90D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{12B207DC-29F7-4D92-9334-7BFEB0DD8C76}" = protocol=17 | dir=in | app=d:\progra~1\bittor~1\bittor~1.exe | "{189A9582-6127-4DE6-811F-63AF368205DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D1BE85A-31BC-43B5-A5E5-F55C7636F236}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\brojanow10\counter-strike\hl.exe | "{2896CCC7-A634-4B4D-B801-7C9DCF511147}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{34FD5658-08B0-46EA-BE9B-AAF732640B9B}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{3A1D3536-0138-4EAD-8F2D-D3BF65E16C94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3E0E467E-F6F4-4E9E-9F8B-879E13BF881C}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{476458C9-E59E-4D3A-B66C-435793027374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4969F4D0-36F1-45E3-A36D-15A6324C6129}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{6196F588-3DED-4E3E-B255-DA2E6F7618DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62E35BC4-FE2E-4594-A274-7802913AAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{70A354A7-9DDD-44CD-87CB-2D4C2E529E9F}" = protocol=6 | dir=out | app=system | "{7EF8F097-654F-4630-81EE-C482FA98447B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{800289B8-C35A-4FA2-9F50-8C038968C043}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{80105DE0-8F4F-4D46-87C1-EA895F6E4FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82579D8D-31D9-40BB-A9C0-9D13BFC7F6F6}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{87353B89-8488-4FED-955F-13A58AC37004}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{89868DB5-41C4-4E8B-8E3D-4EEC3AE3B210}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8CCC7C65-7A7E-484C-A8FA-1306D7C796B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90035D6E-F6D7-4E0E-BD16-B68CDAB9A004}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{93602F12-5FB7-4F17-8FA7-EEE7EEF69489}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96C43BFE-A5CA-4435-9DBF-97BD16D63F87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9DE0A977-6608-43D5-84D0-8B9214981BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3AD345C-7A58-4053-8614-03B8789094EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA91DA7A-309B-486B-A017-1E0117E1F9F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9692DED-78BC-427A-8695-FA51B76473CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\brojanow10\counter-strike\hl.exe | "{D9310E2B-DD8C-4344-B691-BC18CEC9DD37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DA056977-CFC4-4787-AB8E-4F78EAC9D791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1A694B0-2F11-4058-A51E-E3B39834CA4A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{EFC2A1C1-E529-41E3-A1D3-49694D98894E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F501DC98-F255-49E5-A57E-BB05DB3CF858}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAA2F397-E7C0-4409-A78C-6FF98AF0DFEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{0DABA946-0568-4A2C-9372-6645E68201AB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{18E83AB4-7854-49E1-9664-DC279CA16244}D:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\program files\gadu-gadu 10\gg.exe | "TCP Query User{2017F87E-B0FB-40D7-8AAA-2E61927335FA}D:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files\winamp\winamp.exe | "TCP Query User{27B5F07D-5226-48A9-B809-8A06CF806F67}D:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=d:\call of duty- modern warfare 3\iw5mp_server.exe | "TCP Query User{2E413F29-48C4-4479-8DD6-B617AB52B157}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{311730B7-0BC0-4454-B082-0914A4E17EA8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{33567C55-8954-48D2-8CFE-ECE7F6C2C4FF}D:\program files\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "TCP Query User{4A1B327E-4133-4006-AC7A-EF6C8398FA5A}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{6ADEE185-ACE2-4F4F-9A60-1B09F3F8DDE7}D:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\program files\gadu-gadu 10\gg.exe | "TCP Query User{858DC55C-B778-4E70-9366-23204F307148}D:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{85D3C4AE-5078-4F40-B95C-17012490CDC7}C:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe" = protocol=6 | dir=in | app=c:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe | "TCP Query User{86230A39-8A92-4F34-8744-FA4922285369}D:\program files\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "TCP Query User{9066E893-AD46-45A9-8E71-CD4FDB94CCF3}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "TCP Query User{A868C1E4-F30C-4F09-91CF-45B3353670C7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{B0D09364-044A-4534-8EFE-AA6341004541}D:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files\winamp\winamp.exe | "TCP Query User{B6ED0133-C3F1-4737-A16C-7440D447A678}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "TCP Query User{F4B36BB2-A69D-4FFE-B345-68FDCAE0C769}\\toshiba\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=\\toshiba\fifa 12\game\fifa.exe | "UDP Query User{081FB11D-7C75-4A69-B736-478585475843}D:\program files\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "UDP Query User{0BFA8C15-D223-4CC3-A894-C9A7EB5D17E0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{2C221BD0-FE60-45D4-8942-22031C9C03F8}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "UDP Query User{57568CAB-2350-416A-A71E-C8BE130F602A}\\toshiba\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=\\toshiba\fifa 12\game\fifa.exe | "UDP Query User{63A7447B-2B8F-4354-AD8C-B710010616FE}D:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files\winamp\winamp.exe | "UDP Query User{71D67DEB-FC7F-447E-A4F0-21EA347FDF6D}D:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files\winamp\winamp.exe | "UDP Query User{759593F4-6CA5-4390-823B-2CCAA7F324C5}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{8B29536C-4DD3-49DE-A377-F1304B43291A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8B3451CB-AA57-4A94-B7A6-1A828D592152}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe | "UDP Query User{8C7A3CC8-FA00-46E1-83B6-176EF4AC6A85}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{8ECE80B5-8CEE-4FB3-B515-333163569CE0}D:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\program files\gadu-gadu 10\gg.exe | "UDP Query User{90187D94-99D6-45D7-9152-6A51AA9E6313}D:\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=d:\call of duty- modern warfare 3\iw5mp_server.exe | "UDP Query User{98477B8F-3778-48EF-865E-F38BE0615936}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{B705F981-9F3E-4C7D-A877-AAC77D93A657}D:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{C29FC681-BACF-4CB7-8133-6CF82825D7AC}D:\program files\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\cstrike.exe | "UDP Query User{C5F7DF5E-2B37-430A-A675-A42342518181}C:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe" = protocol=17 | dir=in | app=c:\users\norbert\downloads\heroes of might and magic iii complete\heroes3.exe | "UDP Query User{F707004D-E564-45E6-BEB0-F18408E5826A}D:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}" = Sound Blaster X-Fi Surround 5.1 Pro "{16F22B31-9893-414F-98E0-D02CBDC287C9}" = Debugging Tools for Windows "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1 "{ACF5A3DC-D774-4991-860E-0B4D2C372BA6}" = BenQ Web Camera "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "BitTorrent" = BitTorrent "CCleaner" = CCleaner "DirectWave" = DirectWave "DJ Mix Pro" = DJ Mix Pro "Dolby Digital Live Pack" = Dolby Digital Live Pack "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FL Studio 10" = FL Studio 10 "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "IL Download Manager" = IL Download Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Mozilla Firefox 8.0.1 (x86 pl)" = Mozilla Firefox 8.0.1 (x86 pl) "Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.02.1578" = Opera 12.02 "reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9 "SHOUTcast" = SHOUTcast DSP Plug-in v2 "Steam App 10" = Counter-Strike "Sylenth1_is1" = Sylenth1 v2.20 "SysInfo" = Creative System Information "Sytrus" = Sytrus "TeamSpeak 3 Client" = TeamSpeak 3 Client "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "ZhyperMU Season 6 Ultimate 6.00" = ZhyperMU Season 6 Ultimate 6.00 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2002624568-1494707077-3478833143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era "MediaGet" =2011-09-21 18\program files\winamp\winamp Torrent-Client MediaGet "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-28 08:35:27 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x6e8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9d7292535d31 Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: fad184a9-0968-11e2-a338-90e6bac92931 Error - 2012-09-28 08:51:39 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x5d0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9d75c26faad7 Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: 3e1c8eec-096b-11e2-a338-90e6bac92931 Error - 2012-09-28 09:03:03 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0xe38 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9d7802cbc78a Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: d5d393c8-096c-11e2-a338-90e6bac92931 Error - 2012-09-29 03:44:33 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: ESENT.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda4f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0004f6b4 Identyfikator procesu powodującego błąd: 0x374 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9e14db2a57c8 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: c:\windows\system32\ESENT.dll Identyfikator raportu: 81f63ce0-0a09-11e2-9f79-90e6bac92931 Error - 2012-09-29 03:45:20 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x430 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9e15abb441c3 Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: 9dd88e15-0a09-11e2-9f79-90e6bac92931 Error - 2012-09-29 05:40:05 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x974 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9e20b30c6e1a Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: a597740f-0a19-11e2-9f79-90e6bac92931 Error - 2012-09-29 16:24:13 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x1c88 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9e7e85081326 Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: a1de14ac-0a73-11e2-9eaa-90e6bac92931 Error - 2012-09-29 16:59:53 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Heroes3.exe, wersja: 4.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: MP3DEC.ASI, wersja: 3.0.0.0, sygnatura czasowa: 0x36910efa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000076f1 Identyfikator procesu powodującego błąd: 0x1fc0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9e806f8a9c8c Ścieżka aplikacji powodującej błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\Heroes3.exe Ścieżka modułu powodującego błąd: C:\Users\Norbert\Downloads\Heroes of Might and Magic III Complete\MP3DEC.ASI Identyfikator raportu: 9d3346df-0a78-11e2-9eaa-90e6bac92931 Error - 2012-09-30 04:31:23 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: ESENT.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda4f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001133fa Identyfikator procesu powodującego błąd: 0x378 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9ee551b7de0c Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: c:\windows\system32\ESENT.dll Identyfikator raportu: 36ef6cb1-0ad9-11e2-9f46-90e6bac92931 Error - 2012-10-01 10:40:11 | Computer Name = NorbertKomputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: ESENT.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bda4f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001133fa Identyfikator procesu powodującego błąd: 0x384 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd9fe1e58fe961 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: c:\windows\system32\ESENT.dll Identyfikator raportu: e7022705-0bd5-11e2-b9ab-90e6bac92931 [ Media Center Events ] Error - 2012-05-17 14:56:22 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 20:56:22 - Nie można pobrać pakietu Directory (Błąd: Nie można połączyć się z serwerem zdalnym) Error - 2012-05-17 14:58:41 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 20:58:41 - Nie można pobrać pakietu MCESpotlight (Błąd: Połączenie podstawowe zostało zakończone: Wystąpił nieoczekiwany błąd przy odbiorze.) Error - 2012-09-13 07:58:07 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 13:58:06 - Błąd podczas nawiązywania połączenia z Internetem. 13:58:06 - Nie można skontaktować się z serwerem.. Error - 2012-09-13 07:58:17 | Computer Name = NorbertKomputer | Source = MCUpdate | ID = 0 Description = 13:58:12 - Błąd podczas nawiązywania połączenia z Internetem. 13:58:12 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2012-10-03 09:46:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa powiadamiania o zdarzeniach systemowych niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-10-03 09:46:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Wykrywanie sprzętu powłoki niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-10-03 09:46:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Kompozycje niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-10-03 09:46:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Instrumentacja zarządzania Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-10-03 09:46:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Update niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-10-03 09:47:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Serwer, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-10-03 09:48:00 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Przeglądarka komputera, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-10-03 09:48:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Usługa profilów użytkowników, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-10-03 09:48:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Harmonogram klas multimediów, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2012-10-03 09:48:01 | Computer Name = NorbertKomputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Instrumentacja zarządzania Windows, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. < End of report >

3

**Posty:** 18165 · przez **wojtas** 08 Paź 2012, 16:37

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu

Klikasz prawym przyciskiem myszy na Mój komputer => Właściwości => Sprzęt => Menadżer urządzeń => Kontrolery IDE ATA/ATAPI => Podstawowy kanał IDE => Ustawienia zaawansowane i sprawdź czy dysk pracuje w trybie PIO czy DMA. Sprawdz tez w pomocniczym kanale IDE. Jeśli w którymś kanale jest tryb PIO to klikasz na niego PPM i Odinstaluj. Po restarcie sprawdz czy jest lepiej