
GMER log:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 00:33:37
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FC2O
Running: uuvbf661.exe; Driver: C:\DOCUME~1\Maciek\USTAWI~1\Temp\pwacykoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA6B6ACF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA6B6ABAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA6B6B160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA6B6B08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA6B6A782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA6B6AC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA6B6A6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA6B6A726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA6B6ADA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA6B6B22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA6B6AD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA6B6AEE6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA6B77BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA6B779D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA6B77B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 80584160 7 Bytes JMP A6B77B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3C8 7 Bytes JMP A6B779D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A6B735D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A6B74FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A6B77BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1632] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1884] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat A527BD20
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x94 0x92 0xE7 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0x70 0x79 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x94 0x92 0xE7 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0x70 0x79 0x4E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\40B8D8DFDAEB55A4AAD1262D73E3D7AE\Usage@statusexe 1055472844
---- EOF - GMER 1.0.15 ----
OTL logs:
OTL Extras logfile created on: 2011-07-09 19:29:07 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,59% Memory free
3,84 Gb Paging File | 3,33 Gb Available in Paging File | 86,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 46,61 Gb Free Space | 31,29% Space Free | Partition Type: NTFS
Computer Name: MACIEK-E83C343A | User Name: Maciek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8303:UDP" = 8303:UDP:*:Enabled:teeworlds
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\gnutella\gnutella.exe" = C:\Program Files\gnutella\gnutella.exe:*:Enabled:gnutella
"C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" = C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp:*:Enabled:kazaalite
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\OpenVPN\bin\openvpn.exe" = C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl
"C:\Documents and Settings\Maciek\Pulpit\teeworlds-0.5.2-win32\teeworlds_srv.exe" = C:\Documents and Settings\Maciek\Pulpit\teeworlds-0.5.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv
"C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\SaberRD.exe" = C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\SaberRD.exe:*:Enabled:SaberRD
"C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\aimsh.exe" = C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\aimsh.exe:*:Enabled:aimsh
"C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\sitk_s.exe" = C:\Synopsys\SaberRD_StudentEdition\E-2010.09\SaberRD\bin\sitk_s.exe:*:Enabled:sitk_s
"C:\Documents and Settings\Maciek\Pulpit\multiproxy\MProxy.exe" = C:\Documents and Settings\Maciek\Pulpit\multiproxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server
"D:\D-Link.exe" = D:\D-Link.exe:*:Enabled:Setup Wizard Template
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Maciek\Pulpit\q\TerrariaServer.exe" = C:\Documents and Settings\Maciek\Pulpit\q\TerrariaServer.exe:*:Enabled:Terraria
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth
"C:\Sierra\Empire Earth - Sztuka Podboju\EE-AOC.exe" = C:\Sierra\Empire Earth - Sztuka Podboju\EE-AOC.exe:*:Enabled:EE-AOC
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DE075DB-4218-4B2C-A35E-48D80BA680BB}" = Heroes of Might and Magic V
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3096C412-7636-45FD-9074-F596F4417076}" = AKVIS Retoucher
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8344A25F-E0F5-4541-95F7-04051D48633F}" = Tibiacast
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.3 - Polish
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D98C0C51-F9BB-4EE4-B791-22BF6EE31045}" = Nero 7 Ultra Edition
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder Seria 9
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}" = XP Repair Pro 4.0
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Narzędzie bezprzewodowej karty sieciowej Dell WLAN
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Heroes III Armageddon's Blade" = Heroes III Armageddon's Blade
"Heroes III The Restoration of Erathia" = Heroes III The Restoration of Erathia
"Heroes III The Shadow of Death" = Heroes III The Shadow of Death
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"MatlabR2009a" = MATLAB R2009a
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Modular Amusement Park Pack (MAPP) - Coasters" = Modular Amusement Park Pack (MAPP) - Coasters 1.0
"MoorHunt_is1" = MoorHunt 0.6.7.2
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OmniGSoft Mini-Sportsbike 1.0 for Smartphone" = OmniGSoft Mini-Sportsbike 1.0 for Smartphone
"OmniGSoft Mini-TransCanada 1.3 for Smartphone" = OmniGSoft Mini-TransCanada 1.3 for Smartphone
"PSpice Student" = PSpice Student 9.1
"RealPlayer 12.0" = RealPlayer
"SkanerOnline" = Skaner on-line mks_vir
"Tibia_is1" = Tibia
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"TrojanHunter_is1" = TrojanHunter 5.3
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebEditor_is1" = WebEditor 1.4.0
"Winamp" = Winamp
"WinAVI Video Converter 10.5_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder Seria 9
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR
"Worms World Party for Smartphone" = Worms World Party for Smartphone
"x12a_is1" = X-12-ARIMA version 0.3 build 188
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2011-06-29 11:13:07 | Computer Name = MACIEK-E83C343A | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd retoucher.exe, wersja 4.0.724.7058, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.
Error - 2011-07-05 05:22:22 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-05 07:05:55 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-05 07:07:38 | Computer Name = MACIEK-E83C343A | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd h5_game.exe, wersja 1.0.0.27, moduł powodujący
błąd h5_game.exe, wersja 1.0.0.27, adres błędu 0x0015e982.
Error - 2011-07-07 04:24:21 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2005
Description = Nie można odczytać danych wydajności z usługi Server. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server. Zwrócony kod stanu to dane DWORD
0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2011-07-07 04:24:21 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2006
Description = Nie można odczytać danych wydajności z usługi Server Queue. W tej próbce
nie zostaną zwrócone dane wydajności usługi Server Queue. Zwrócony kod stanu to
dane DWORD 0, IOSB.Status to dane DWORD 1 a IOSB.Information to dane DWORD 2.
Error - 2011-07-07 13:12:33 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-08 03:54:37 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-09 05:13:55 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-09 12:11:57 | Computer Name = MACIEK-E83C343A | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
[ System Events ]
Error - 2011-07-09 11:43:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2011-07-09 12:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.DebugCRT; ostatni
błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2011-07-09 12:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.DebugCRT.
Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2011-07-09 12:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2011-07-09 12:43:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.DebugCRT; ostatni
błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2011-07-09 12:43:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.DebugCRT.
Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2011-07-09 12:43:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2011-07-09 13:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.DebugCRT; ostatni
błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2011-07-09 13:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.DebugCRT.
Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2011-07-09 13:13:41 | Computer Name = MACIEK-E83C343A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
< End of report >
OTL logfile created on: 2011-07-09 19:29:07 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,59% Memory free
3,84 Gb Paging File | 3,33 Gb Available in Paging File | 86,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 46,61 Gb Free Space | 31,29% Space Free | Partition Type: NTFS
Computer Name: MACIEK-E83C343A | User Name: Maciek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-07-09 17:43:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie\uuvbf661.exe
PRC - [2011-07-09 17:43:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2011-06-23 16:51:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-11-28 01:20:09 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010-10-23 05:47:12 | 001,070,360 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\THGuard.exe
PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-03-29 21:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008-07-29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-12-14 11:51:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007-12-14 11:44:46 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007-12-14 11:43:08 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007-12-14 11:43:00 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007-05-16 09:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-05-16 09:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-07-09 17:43:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-03-25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008-07-29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (o2flash)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-11-08 23:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-10-24 18:00:30 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008-07-29 10:11:30 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008-06-12 09:30:12 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008-02-14 18:45:00 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-12-14 11:42:04 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-11-14 17:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
IE - HKU\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
IE - HKU\S-1-5-21-682003330-448539723-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110630
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "w3chache.sgh.waw.pl"
FF - prefs.js..network.proxy.backup.ftp: "w3chache.sgh.waw.pl"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "w3chache.sgh.waw.pl"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "w3chache.sgh.waw.pl"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "w3chache.sgh.waw.pl"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "w3cache.sgh.waw.pl"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "w3cache.sgh.waw.pl"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "w3cache.sgh.waw.pl"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "w3cache.sgh.waw.pl"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "w3cache.sgh.waw.pl"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-08 00:22:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-23 16:51:21 | 000,000,000 | ---D | M]
[2010-11-09 22:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions
[2011-07-09 01:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions
[2011-07-07 10:46:11 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010-09-28 11:43:25 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011-07-07 10:46:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-07-07 10:46:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-03-26 11:42:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011-06-18 13:25:21 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010-07-28 19:44:49 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011-07-07 10:46:06 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\extensions\nasanightlaunch@example.com
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\searchplugins\BearShareWebSearch.xml
[2010-08-25 15:14:53 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\f2swzncp.default\searchplugins\daemon-search.xml
[2011-07-09 01:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-08-20 11:30:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-28 11:32:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-20 15:38:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010-08-20 11:30:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-08-01 13:08:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011-03-18 12:25:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011-03-18 12:25:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-05-09 18:55:26 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011-03-18 12:25:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-18 12:25:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-03-18 12:25:33 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-18 12:25:33 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-11-09 22:50:43 | 000,161,317 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 abcsearch.com
O1 - Hosts: 127.0.0.1 admin.abcsearch.com
O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[Browseraid]
O1 - Hosts: 127.0.0.1 www.abcsearch.com
O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames]
O1 - Hosts: 127.0.0.1 www.actualnames.com
O1 - Hosts: 127.0.0.1 ad-up.com
O1 - Hosts: 127.0.0.1 www.ad-up.com
O1 - Hosts: 127.0.0.1 adatom.com
O1 - Hosts: 127.0.0.1 aesp.adatom.com
O1 - Hosts: 127.0.0.1 adbest.com
O1 - Hosts: 127.0.0.1 adserv.adbonus.com
O1 - Hosts: 127.0.0.1 www.adbonus.com
O1 - Hosts: 127.0.0.1 www.adblaster2.info #[Restricted Zone site]
O1 - Hosts: 127.0.0.1 ad2.adcept.net
O1 - Hosts: 127.0.0.1 ad3.adcept.net
O1 - Hosts: 127.0.0.1 www.adcept.net
O1 - Hosts: 127.0.0.1 adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcopy.info
O1 - Hosts: 127.0.0.1 ads.adcorps.com
O1 - Hosts: 4671 more lines...
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Maciek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O3 - HKU\S-1-5-21-682003330-448539723-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-682003330-448539723-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-448539723-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.244.128.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-07-28 18:01:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-04-26 21:02:24 | 000,676,158 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{7cc18e41-f955-11df-b1ac-00225f68836a}\Shell\AutoRun\command - "" = albkpq3.exe
O33 - MountPoints2\{7cc18e41-f955-11df-b1ac-00225f68836a}\Shell\open\Command - "" = albkpq3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-07-09 17:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TrojanHunter
[2011-07-09 17:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TrojanHunter
[2011-07-09 17:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2011-07-06 10:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tibia
[2011-07-06 10:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tibiacast
[2011-07-06 10:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Tibiacast
[2011-07-06 10:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibiacast
[2011-07-06 10:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia
[2011-07-05 23:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Airfix Dogfighter
[2011-07-05 01:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Arthur.2011.DVDRip.XviD-TARGET
[2011-07-05 01:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Unknown.2011.DVDRiP.XViD.AC3-IMAGiNE
[2011-07-05 01:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Inwazja Bitwa o Los Angeles_by_Punisher1214_for_www.haszkod.pl
[2011-07-04 18:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ubisoft
[2011-07-04 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011-07-03 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Limitless.2011.BDRip.RC.XviD_by_Cpt. Alex Mason
[2011-06-30 15:38:09 | 000,000,000 | ---D | C] -- C:\Sierra
[2011-06-29 16:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\AKVIS
[2011-06-29 16:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-06-29 16:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AKVIS
[2011-06-29 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\AKVIS
[2011-06-29 16:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
[2011-06-22 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Total Video Converter
[2011-06-22 13:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2011-06-11 13:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PSpice Student
[2011-06-11 13:35:21 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011-06-11 13:35:21 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2011-06-11 13:35:21 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2011-06-11 13:35:21 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2011-06-11 13:35:21 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2011-06-11 13:35:21 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2011-06-11 13:35:21 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll
[2011-06-11 13:35:21 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2011-06-11 13:35:20 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2011-06-11 13:35:20 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2011-06-11 13:35:20 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll
[2011-06-11 13:35:20 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll
[2011-06-11 13:35:20 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2011-06-11 13:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2011-06-11 13:35:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2011-06-11 13:34:55 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011-06-11 13:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\psspice
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maciek\*.tmp files -> C:\Documents and Settings\Maciek\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-07-09 19:32:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-448539723-1417001333-1003UA.job
[2011-07-09 19:27:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-09 18:12:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-09 18:11:51 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-09 18:11:51 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-448539723-1417001333-1003.job
[2011-07-09 18:10:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-09 17:41:11 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2011-07-09 17:41:11 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\TrojanHunter.lnk
[2011-07-09 11:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-448539723-1417001333-1003Core.job
[2011-07-08 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MACIEK-E83C343A-Maciek.job
[2011-07-06 21:18:00 | 000,493,568 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Tibiacast Installer.msi
[2011-07-06 21:18:00 | 000,467,456 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\setup.exe
[2011-07-06 10:25:44 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2011-07-06 00:12:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-07-04 20:21:19 | 000,000,058 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2011-07-04 19:05:48 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Heroes of Might and Magic V.lnk
[2011-07-04 18:59:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\SI.bin
[2011-06-30 15:46:44 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011-06-30 15:46:44 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011-06-30 15:46:44 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011-06-30 11:37:25 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Google Chrome.lnk
[2011-06-29 16:55:04 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AKVIS Retoucher.lnk
[2011-06-29 10:59:52 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2011-06-27 02:13:11 | 743,313,792 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\firma-rangoo.avi
[2011-06-26 23:02:03 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-25 20:47:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-448539723-1417001333-1003.job
[2011-06-24 19:30:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-06-23 09:09:45 | 003,582,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-22 13:30:37 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Total Video Converter.lnk
[2011-06-22 13:30:37 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Total Video Player.lnk
[2011-06-16 16:08:36 | 000,560,046 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-06-16 16:08:36 | 000,497,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-16 16:08:36 | 000,106,946 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-06-16 16:08:36 | 000,086,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-16 09:46:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-12 19:51:58 | 000,003,016 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI
[2011-06-12 14:27:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Maciek\LIB1.NAP
[2011-06-12 12:31:13 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Maciek\PROBE.prb
[2011-06-11 13:49:02 | 000,000,859 | ---- | M] () -- C:\WINDOWS\msim.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maciek\*.tmp files -> C:\Documents and Settings\Maciek\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-07-09 17:41:11 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\TrojanHunter.lnk
[2011-07-09 17:41:05 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011-07-06 10:25:52 | 000,493,568 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Tibiacast Installer.msi
[2011-07-06 10:25:52 | 000,467,456 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\setup.exe
[2011-07-06 10:25:44 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2011-07-05 01:12:11 | 743,313,792 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\firma-rangoo.avi
[2011-07-04 19:05:48 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Heroes of Might and Magic V.lnk
[2011-07-04 18:59:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2011-06-30 15:38:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011-06-29 16:55:04 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AKVIS Retoucher.lnk
[2011-06-24 19:30:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-06-22 13:30:37 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Total Video Converter.lnk
[2011-06-22 13:30:37 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Total Video Player.lnk
[2011-06-12 14:27:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maciek\LIB1.NAP
[2011-06-11 13:49:39 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Maciek\PROBE.prb
[2011-06-11 13:35:21 | 000,003,016 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2011-06-11 13:35:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2011-06-11 13:35:20 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2011-06-11 13:35:20 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2011-06-11 13:35:20 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2011-06-11 13:35:20 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2011-06-11 13:35:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2011-06-11 13:35:20 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2011-06-11 13:35:20 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2011-06-11 13:35:20 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2011-06-11 13:35:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2011-06-11 13:35:20 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2011-06-11 13:35:20 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2011-06-11 13:35:20 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2011-06-11 13:35:20 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2011-06-11 13:35:20 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2011-06-11 13:35:20 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2011-06-05 15:25:24 | 000,000,859 | ---- | C] () -- C:\WINDOWS\msim.ini
[2011-04-27 18:11:17 | 000,122,884 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010-12-12 00:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Urncbc.dll
[2010-11-13 01:20:40 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-11-13 01:20:40 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-11-12 21:10:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Preferencje Adobe CS5 dla formatu PNG
[2010-10-29 22:48:23 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\$_hpcst$.hpc
[2010-10-19 20:08:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2010-10-13 16:41:48 | 000,153,319 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2010-10-13 16:41:48 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2010-08-26 23:12:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-25 13:45:33 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-08-03 12:49:36 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-28 20:44:06 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-07-28 20:44:06 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-07-28 20:44:06 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-07-28 19:55:57 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-07-28 19:37:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-07-28 19:34:52 | 003,582,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-28 19:19:20 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010-07-28 19:19:19 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010-07-28 19:19:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010-07-28 19:19:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010-07-28 19:01:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-07-28 18:42:40 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010-07-28 18:42:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010-07-28 18:42:40 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010-07-28 18:03:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-07-28 17:59:09 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-04-15 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-15 14:00:00 | 000,560,046 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2008-04-15 14:00:00 | 000,497,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-15 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2008-04-15 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-15 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-15 14:00:00 | 000,106,946 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2008-04-15 14:00:00 | 000,086,250 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-15 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-15 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2008-04-15 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-15 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-15 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-15 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005-04-15 18:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005-04-15 18:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010-07-28 22:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-08-25 15:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-07-28 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-11-09 22:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
[2010-08-30 13:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters Inc
[2010-10-24 19:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe
[2011-06-29 17:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-07-09 17:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrojanHunter
[2010-10-08 08:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip
[2010-08-10 15:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-01-28 20:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\abgx360
[2010-08-25 15:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools Lite
[2010-10-16 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Dev-Cpp
[2011-05-10 09:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\facemoods.com
[2010-07-28 20:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu 10
[2011-06-04 19:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\GetRightToGo
[2011-04-17 12:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\gretl
[2011-04-17 11:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\gtk-2.0
[2010-12-13 21:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\HD Tune Pro
[2011-01-24 18:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Macro Recorder
[2010-11-27 02:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Nowe Gadu-Gadu
[2011-03-07 20:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Soldat
[2011-01-30 00:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011-03-07 20:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Teeworlds
[2011-07-06 10:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tibia
[2011-07-06 10:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tibiacast
[2011-06-21 19:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent
[2010-11-09 22:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\WinAVI
[2011-06-04 19:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\WinMacro
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B6AC352B
< End of report >