Laptop uruchamia się kilka minut, na dodatek po jakimś czasie strasznie się nagrzewa, wentylatory pracują na pełnej mocy, a i tak następuje samoczynne wyłączenie systemu. Laptop chodzi na Viście 32-bitowej. Być może w grę wchodzi (jeśli chodzi o to przegrzewanie) uszkodzony (zatarty) wentylator, ale chciałbym się upewnić, czy odpadają problemy software'owe.
Z góry dziękuję
Poniżej logi:
OTL
- Kod: Zaznacz wszystko
OTL logfile created on: 2011-04-16 10:41:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Bartusiątko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,96 Gb Total Space | 162,39 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive D: | 8,13 Gb Total Space | 1,51 Gb Free Space | 18,60% Space Free | Partition Type: NTFS
Computer Name: GOSIA-LAPTOP | User Name: Bartusiątko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-04-16 10:39:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bartusiątko\Downloads\OTL.exe
PRC - [2011-02-11 13:50:29 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2010-10-30 20:59:29 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 20:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe
PRC - [2008-04-15 20:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008-04-15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-04-15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-03-26 18:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe
PRC - [2008-03-26 15:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008-03-12 19:24:52 | 000,699,456 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008-03-12 19:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008-02-12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2008-02-03 14:58:17 | 000,116,064 | ---- | M] (AOL LLC) -- c:\Program Files\AOL\Pasek narzędzi AOL 5.0\AolTbServer.exe
PRC - [2008-01-21 04:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
PRC - [2008-01-16 17:56:50 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008-01-16 17:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-04-16 10:39:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bartusiątko\Downloads\OTL.exe
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011-01-09 20:55:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-10-30 20:59:29 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009-08-24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008-04-15 20:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008-04-15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-03-26 18:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008-03-26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-03-12 19:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008-02-12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-03-30 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110415.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-03-30 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110415.035\NAVENG.SYS -- (NAVENG)
DRV - [2011-03-14 20:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110415.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011-03-08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011-01-03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-01-03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011-01-03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010-12-21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010-12-21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010-12-21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010-10-30 20:59:44 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-10-30 20:59:30 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010-10-30 20:59:30 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010-10-30 20:59:30 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010-10-30 20:59:30 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010-10-30 20:59:30 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010-10-30 20:59:30 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010-10-30 20:59:30 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010-10-30 20:59:30 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010-10-30 20:59:30 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010-10-30 04:26:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-10-30 04:26:20 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009-10-25 18:30:16 | 000,016,384 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2008-05-23 05:29:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-05-23 05:29:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008-04-28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Sterownik karty Intel(R)
DRV - [2008-04-15 20:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-04-15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-01 13:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-03-27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008-03-27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-03-26 18:28:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008-01-24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-07-11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2002-12-24 22:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cfadisk.sys -- (cfadisk)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010-10-31 10:38:39 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2674282103-2939610760-715724567-1002\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2674282103-2939610760-715724567-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2674282103-2939610760-715724567-1002..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-04-16 10:24:18 | 000,000,000 | ---D | C] -- C:\Users\Bartusiątko\AppData\Roaming\HP
[2011-04-14 15:37:29 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-04-14 15:37:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-04-14 15:37:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011-04-14 15:37:21 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011-04-14 15:37:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011-04-14 15:36:56 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-04-14 15:36:56 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-04-14 15:36:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-04-14 15:36:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-04-14 15:36:55 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-04-14 15:36:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011-04-14 15:36:51 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-04-14 15:36:47 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-04-14 15:36:47 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-03-31 21:45:10 | 000,000,000 | ---D | C] -- C:\Temp
[2011-03-31 21:28:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011-03-31 21:28:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011-03-31 21:28:28 | 000,136,680 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011-03-31 21:28:28 | 000,121,192 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011-03-31 21:28:28 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011-03-31 21:28:28 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011-03-31 21:28:28 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011-03-31 21:27:48 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2011-03-31 21:27:48 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2011-03-31 21:27:47 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2011-03-31 21:27:47 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2011-03-31 21:27:47 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2011-03-31 21:27:47 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2011-03-31 21:27:47 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2011-03-31 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011-03-31 21:25:42 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011-03-31 21:25:02 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011-03-31 21:25:02 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2011-03-31 21:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011-03-31 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011-03-31 21:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011-03-26 16:07:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-03-26 16:07:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-03-26 16:07:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-23 15:31:17 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-03-23 15:31:17 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-03-17 23:06:30 | 000,178,072 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2011-03-17 23:06:28 | 000,030,632 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-04-16 10:46:30 | 000,786,432 | -HS- | M] () -- C:\Users\Bartusiątko\NTUSER.DAT
[2011-04-16 10:28:59 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2674282103-2939610760-715724567-1000UA.job
[2011-04-16 10:24:16 | 000,000,483 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011-04-16 10:24:09 | 000,085,881 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011-04-16 10:23:09 | 000,085,881 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011-04-16 10:22:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-16 10:22:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-16 10:22:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-04-16 10:22:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-16 10:22:12 | 2144,555,008 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-15 21:52:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-04-15 21:29:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2674282103-2939610760-715724567-1000Core.job
[2011-04-15 21:03:59 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2674282103-2939610760-715724567-1001UA.job
[2011-04-15 18:06:38 | 001,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-04-15 18:06:38 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-15 18:06:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-15 18:06:38 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-15 18:06:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-15 17:51:20 | 001,656,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-15 17:00:23 | 000,524,288 | -HS- | M] () -- C:\Users\Bartusiątko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011-04-15 17:00:23 | 000,065,536 | -HS- | M] () -- C:\Users\Bartusiątko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011-04-10 18:21:17 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGosia.job
[2011-03-31 21:37:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011-03-17 23:06:30 | 000,178,072 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2011-03-17 23:06:28 | 000,030,632 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-03-31 21:37:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011-03-08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-03-08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-03-08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-03-08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-03-08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-03-04 21:22:02 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011-01-14 18:48:58 | 000,000,680 | ---- | C] () -- C:\Users\Bartusiątko\AppData\Local\d3d9caps.dat
[2011-01-08 16:13:40 | 000,070,744 | ---- | C] () -- C:\Users\Bartusiątko\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-11-11 15:11:16 | 000,153,374 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010-11-11 15:11:16 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010-10-31 20:13:12 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-10-31 20:12:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010-10-31 20:12:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010-10-31 20:11:52 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2010-10-31 10:19:24 | 001,519,883 | -H-- | C] () -- C:\Users\Bartusiątko\AppData\Local\IconCache.db
[2010-10-30 23:10:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010-10-30 20:49:32 | 000,676,224 | ---- | C] () -- C:\Windows\System32\ogacheckcontrol.dll
[2010-10-30 19:51:59 | 000,085,881 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-10-30 19:51:35 | 000,085,881 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-10-30 19:36:45 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008-07-03 09:27:58 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2008-07-03 09:27:58 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2008-07-03 09:27:58 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2008-07-03 09:27:58 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2008-01-21 04:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2007-11-14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 001,656,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 001,495,264 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006-11-02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 000,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006-11-02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006-11-02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006-11-02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006-11-02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006-11-02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006-11-02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006-03-09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010-10-31 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bartusiątko\AppData\Roaming\DigitalPersona
[2010-10-30 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\DigitalPersona
[2010-12-18 04:27:46 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu 10
[2010-10-31 11:21:23 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\HEXelon
[2011-03-31 21:23:15 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Samsung
[2011-01-30 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\Sławuś\AppData\Roaming\DigitalPersona
[2010-10-30 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\Vertex\AppData\Roaming\DigitalPersona
[2011-04-15 21:52:23 | 000,032,530 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Extras:
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2011-04-16 10:41:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Bartusiątko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,96 Gb Total Space | 162,39 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive D: | 8,13 Gb Total Space | 1,51 Gb Free Space | 18,60% Space Free | Partition Type: NTFS
Computer Name: GOSIA-LAPTOP | User Name: Bartusiątko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08557D38-86D9-4425-9E7A-94CC128BE3B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{17CAE0F5-2D12-4A19-86C4-28AE056AD17E}" = lport=445 | protocol=6 | dir=in | app=system |
"{31A69845-83BE-4A17-8498-560289316562}" = rport=138 | protocol=17 | dir=out | app=system |
"{648888EF-F05C-4E75-ABCF-E6B4D4196253}" = rport=445 | protocol=6 | dir=out | app=system |
"{6921C121-D7BD-473F-86CC-A752C6952F27}" = rport=137 | protocol=17 | dir=out | app=system |
"{6926B6A4-EBF3-41EC-A8E8-D3FB6016B921}" = lport=139 | protocol=6 | dir=in | app=system |
"{74B81CBC-B002-4A9D-84C7-8780C76AFDB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9173AB8D-1149-4558-B279-8471DD0FBA29}" = rport=139 | protocol=6 | dir=out | app=system |
"{C462EA06-8553-4B03-AE18-2AF677616FD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDF8CAB5-DB58-4B24-B7DA-9C92F2D62073}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D7DF3CBF-F887-47DC-88CA-F81CCDC22392}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF80E2BB-F36D-4018-9D1C-1E74BA6DE9EC}" = lport=137 | protocol=17 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{156DB509-4AAF-4163-A40B-F65B5669F647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23F0B9C6-1CD8-41B5-98B8-91AE124A1294}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{32ED18D5-8676-4DF3-BE3D-BB7B79D7CAE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{515D3D83-795D-4AE3-8CD9-410B7D98BB81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{593DCF9D-E2AC-47D9-A5CE-C4DD66FB0272}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73E6605A-5945-498C-B9E7-31F41B0A780F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{961B1364-56AE-4716-9DCF-03DEFEE2E8A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B00963C1-F048-44E8-ACB7-591E236A93E9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B21BAA6A-23AF-410D-AD8E-B4BBE6196AD5}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D70C15CA-F10F-440B-ACAC-2712E92C30EF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{E7A8C641-3031-40E0-AD6D-FA7ABA1517AB}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E8AA2E90-A150-4470-AC35-C36884ADAAA7}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FB56527E-D782-400C-A51C-5BA846AF24B3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DE075DB-4218-4B2C-A35E-48D80BA680BB}" = Heroes of Might and Magic V
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EDFCB74-81C0-4FB6-9FDF-1BC7CD098638}" = Adobe InDesign CS3
"{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A81000000003}" = Adobe Reader 8.1.0 - Polish
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD876490-252F-4EEF-B205-2E8F5A6E523B}" = ProtectSmart Hard Drive Protection
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3
"AOL Toolbar" = Pasek narzędzi AOL 5.0
"Bakugan Screensaver" = Bakugan Screensaver
"ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]
"Gadu-Gadu 10" = Gadu-Gadu 10
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer cenzura! Program 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"RealAlt_is1" = Real Alternative 2.0.2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TC UP" = Total Commander Ultima Prime 5.2.0.0
"TransMac_is1" = TransMac version 8.1
"UltraISO_is1" = UltraISO Premium V9.36
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2011-04-13 04:02:10 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-13 05:03:14 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-13 12:26:05 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-13 16:57:30 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-14 06:20:58 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-14 09:12:24 | Computer Name = Gosia-Laptop | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-04-14 13:55:17 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-15 10:44:20 | Computer Name = Gosia-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 2011-04-15 11:14:17 | Computer Name = Gosia-Laptop | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-04-15 11:14:17 | Computer Name = Gosia-Laptop | Source = Windows Search Service | ID = 3013
Description =
[ OSession Events ]
Error - 2011-01-20 13:34:05 | Computer Name = Gosia-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 497
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2011-04-15 11:53:43 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 2011-04-15 11:57:55 | Computer Name = Gosia-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 2011-04-15 14:27:40 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-04-15 14:27:40 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-04-15 14:28:34 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 2011-04-15 14:29:01 | Computer Name = Gosia-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 2011-04-16 04:23:38 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-04-16 04:23:38 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-04-16 04:24:32 | Computer Name = Gosia-Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 2011-04-16 04:26:20 | Computer Name = Gosia-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Gmer:
- Kod: Zaznacz wszystko
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-16 11:27:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O
Running: 9ydvwckb.exe; Driver: C:\Users\BARTUS~1\AppData\Local\Temp\uglyrpow.sys
---- System - GMER 1.0.15 ----
SSDT 9C404068 ZwAlertResumeThread
SSDT 94FD5458 ZwAlertThread
SSDT 9CF4F530 ZwAllocateVirtualMemory
SSDT 94E4B4F8 ZwAlpcConnectPort
SSDT 9C984ED0 ZwAssignProcessToJobObject
SSDT 9CF5D138 ZwCreateMutant
SSDT 9CF64660 ZwCreateSymbolicLinkObject
SSDT 9CEA02E8 ZwCreateThread
SSDT 9C41D048 ZwDebugActiveProcess
SSDT 9CF4F748 ZwDuplicateObject
SSDT 9CF51D38 ZwFreeVirtualMemory
SSDT 94FCD068 ZwImpersonateAnonymousToken
SSDT 9C409450 ZwImpersonateThread
SSDT 94E4B480 ZwLoadDriver
SSDT 9CF51BD8 ZwMapViewOfSection
SSDT 94FC9848 ZwOpenEvent
SSDT 9CF4F9E8 ZwOpenProcess
SSDT 94FC3068 ZwOpenProcessToken
SSDT 9C412048 ZwOpenSection
SSDT 9CF4F858 ZwOpenThread
SSDT 9CF63870 ZwProtectVirtualMemory
SSDT 94F82150 ZwResumeThread
SSDT 94F8A638 ZwSetContextThread
SSDT 9CF51980 ZwSetInformationProcess
SSDT 9C431048 ZwSetSystemInformation
SSDT 94FCB498 ZwSuspendProcess
SSDT 94F894B8 ZwSuspendThread
SSDT 94F89068 ZwTerminateProcess
SSDT 94F08E58 ZwTerminateThread
SSDT 94F60150 ZwUnmapViewOfSection
SSDT 9CF4F120 ZwWriteVirtualMemory
SSDT 9CF64CF0 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 820BC8A0 8 Bytes [68, 40, 40, 9C, 58, 54, FD, ...] {PUSH 0x589c4040; PUSH ESP; STD ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 820BC8B4 4 Bytes [30, F5, F4, 9C] {XOR CH, DH; HLT ; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 13D 820BC8C0 4 Bytes [F8, B4, E4, 94] {CLC ; MOV AH, 0xe4; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 191 820BC914 4 Bytes [D0, 4E, 98, 9C] {ROR BYTE [ESI-0x68], 0x1; PUSHF }
.text ntkrnlpa.exe!KeSetEvent + 1F5 820BC978 4 Bytes [38, D1, F5, 9C] {CMP CL, DL; CMC ; PUSHF }
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D006320, 0x3E4E87, 0xE8000020]
? C:\Users\BARTUS~1\AppData\Local\Temp\mbr.sys Nie można odnaleźć określonego pliku. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3536] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\BTHUSB \Device\000000b7 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000b9 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bdfb7c
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186bdfb7c (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\Temp\TMP66D0.tmp (size mismatch) 897024/0 bytes executable
---- EOF - GMER 1.0.15 ----
