Blaster/Sasser problem z usunięciem wirusa


(Bany252) #1

Witam ,

Aktualnie używam komputera z Windowsem XP i mam pewien problem dotyczący wirusa Blaster/Sasser. Wiem jak go usunąć ale problem jest w tym nie mogę pobrać potrzebnych plików do tej operacji. Nie mogę pobrać NIC z żadnej przeglądarki internetowej. Pobieranie zawiesza się przy 3-4kb do końca pobierania. Nie mogę również szukać czegokolwiek w komputerze funkcją Wyszukaj(jest tam tylko jeden przycisk "Prześlij Kwerendę"), nie mogę zarządzać kontami użytkowników(po prostu gdy włączę Konta Użytkowników okno jest białe, widać tylko klawisze nawigacyjne i ramkę) ani nie widzę otwartych programów na pasku zadań. Tytuł umieściłem taki gdyż nie wiem czy jest to sprawka tego wirusa czy czegoś innego.

Proszę o pomoc w rozwiązaniu tego problemu


(IPSEN) #2

Podaj wymagane logi -http://forum.dobreprogramy.pl/analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html-dwa raporty OTL.txt oraz Extras.txt


(Bany252) #3

OTL:

OTL logfile created on: 2013-08-01 17:02:28 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ola\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 432,40 Mb Available Physical Memory | 42,25% Memory free

1,66 Gb Paging File | 1,09 Gb Available in Paging File | 65,72% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files

Drive C: | 74,56 Gb Total Space | 10,86 Gb Free Space | 14,56% Space Free | Partition Type: NTFS

Computer Name: PRACA | User Name: ola | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-08-01 17:01:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ola\Moje dokumenty\Pobieranie\OTL.exe

PRC - 2013-08-01 16:50:10 | 000,012,288 | ---- | M -- C:\Documents and Settings\ola\Ustawienia lokalne\Temp\feoyh.exe

PRC - 2013-08-01 16:14:41 | 000,012,288 | ---- | M -- C:\Documents and Settings\ola\Ustawienia lokalne\Temp\winwlcbvs.exe

PRC - 2013-08-01 13:28:18 | 000,012,288 | ---- | M -- C:\WINDOWS.0\Temp\winvnucou.exe

PRC - 2013-07-26 12:11:20 | 002,847,696 | ---- | M -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1519.190{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

PRC - [2013-07-10 13:37:29 | 000,998,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2013-06-28 14:02:06 | 002,431,312 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe

PRC - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2011-06-17 19:33:04 | 000,346,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

PRC - [2010-08-05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2008-04-14 19:21:16 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe

PRC - 2006-11-17 17:54:00 | 001,933,312 | ---- | M -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

PRC - [2006-10-25 09:32:36 | 000,118,784 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\EXPLORER.EXE

PRC - [2006-06-29 18:34:20 | 000,122,880 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

PRC - 2006-06-22 20:28:24 | 002,334,720 | ---- | M -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

PRC - 2006-06-22 01:03:50 | 002,478,080 | ---- | M -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin

========== Modules (No Company Name) ==========

MOD - 2013-08-01 16:50:10 | 000,012,288 | ---- | M -- C:\Documents and Settings\ola\Ustawienia lokalne\Temp\feoyh.exe

MOD - 2013-08-01 16:14:41 | 000,012,288 | ---- | M -- C:\Documents and Settings\ola\Ustawienia lokalne\Temp\winwlcbvs.exe

MOD - 2013-08-01 13:28:18 | 000,012,288 | ---- | M -- C:\WINDOWS.0\Temp\winvnucou.exe

MOD - 2013-07-26 12:11:20 | 002,847,696 | ---- | M -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1519.190{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

MOD - 2013-07-26 12:10:11 | 002,691,536 | ---- | M -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1519.190{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - 2013-07-10 13:37:25 | 003,285,912 | ---- | M -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - 2013-06-03 11:57:01 | 002,521,552 | ---- | M -- c:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1339.144{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - 2006-10-22 13:22:00 | 000,466,944 | ---- | M -- C:\WINDOWS.0\system32\nvshell.dll

MOD - 2006-10-22 13:22:00 | 000,212,992 | ---- | M -- C:\WINDOWS.0\system32\nvapi.dll

MOD - 2006-05-13 05:36:58 | 000,828,416 | ---- | M -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS.0\UnsignedThemesSvc.exe -- (UnsignedThemes)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - 2013-07-26 12:11:20 | 002,847,696 | ---- | M [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1519.190{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

SRV - [2013-07-10 13:37:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013-05-28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-07-05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011-06-17 19:33:04 | 000,306,640 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)

SRV - [2010-11-30 18:03:00 | 004,023,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\GameMon.des -- (npggsvc)

SRV - [2010-08-05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2006-07-03 16:22:58 | 000,126,976 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS.0\system32\drivers\uxpatch.sys -- (uxpatch)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\mnrof.sys -- (abp470n5)

DRV - [2009-03-28 12:43:15 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\kl1.sys -- (kl1)

DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2005-12-11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\ANIO.sys -- (ANIO)

DRV - [2005-11-03 21:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Dr71WU.sys -- (RT73)

DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\rtl8139.sys -- (rtl8139)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001-08-17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\irsir.sys -- (irsir)

DRV - 2001-08-17 22:28:12 | 000,488,383 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_V124.sys -- (V124)

DRV - 2001-08-17 22:28:12 | 000,050,751 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_TONE.sys -- (Tones)

DRV - 2001-08-17 22:28:10 | 000,542,879 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\HSF_MSFT.sys -- (hsf_msft)

DRV - 2001-08-17 22:28:10 | 000,057,471 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\HSF_SAMP.sys -- (Rksample)

DRV - 2001-08-17 22:28:08 | 000,391,199 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_K56K.sys -- (K56)

DRV - 2001-08-17 22:28:06 | 000,289,887 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_FALL.sys -- (Fallback)

DRV - 2001-08-17 22:28:06 | 000,199,711 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_FAXX.sys -- (SoftFax)

DRV - 2001-08-17 22:28:06 | 000,115,807 | ---- | M [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\HSF_FSKS.sys -- (Fsks)

DRV - 2001-08-17 22:28:04 | 000,067,167 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\HSF_BSC2.sys -- (basic2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110819 ... 22b0e3e1c9

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2417076

IE - HKCU..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll (Conduit Ltd.)

IE - HKCU..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU..\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2417076

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110819&tt=140812_bandext_3312_4&babsrc=HP_ss&mntrId=3d5784f30000000000000022b0e3e1c9"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.0\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS.0\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\Components: C:\Program Files\Mozilla Firefox\components [2013-06-08 19:22:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-02 18:54:55 | 000,000,000 | ---D | M]

[2011-04-05 15:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ola\Dane aplikacji\Mozilla\Extensions

[2012-05-06 15:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ola\Dane aplikacji\Mozilla\Firefox\Profiles\s22dbvvp.default\extensions

[2012-03-11 19:55:39 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\ola\Dane aplikacji\Mozilla\Firefox\Profiles\s22dbvvp.default\extensions\battlefieldheroespatcher@ea.com

2012-05-06 08:18:46 | 000,020,591 | ---- | M (No name found) -- C:\Documents and Settings\ola\Dane aplikacji\Mozilla\Firefox\Profiles\s22dbvvp.default\extensions{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2012-05-06 08:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-10-31 21:35:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013-06-08 19:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

2013-07-10 13:37:39 | 000,000,000 | ---D | M -- C:\Program Files\Mozilla Firefox\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

2012-08-16 12:45:11 | 000,002,364 | ---- | M -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com

CHR - Extension: No name found = C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: No name found = C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2001-10-30 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll (Conduit Ltd.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll (Conduit Ltd.)

O3 - HKLM..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)

O3 - HKLM..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O3 - HKLM..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKCU..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\prxtbgr0.dll (Conduit Ltd.)

O3 - HKCU..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)

O4 - HKLM..\Run: [DrvIcon] C:\PROGRA~1\UXPACK~1\VISTAD~1\DrvIcon.exe File not found

O4 - HKLM..\Run: [EB890B] C:\WINDOWS.0\system32\4EA64E\EB890B.EXE ()

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS.0\System32\EXPLORER.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [wsctf.exe] wsctf.exe File not found

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\ola\Menu Start\Programy\Autostart\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://powersoccer.minigry.pl/common/ap ... Loader.cab (PowerLoader Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2544455815 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2546774404 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.0\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{D75B4D3B-587F-48EF-81E4-5A0116293A59}: DhcpNameServer = 10.128.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{F7A8FAEC-0F0C-4BD9-B967-0D82E247BEB8}: DhcpNameServer = 62.179.1.63 62.179.1.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (c:\docume~1\alluse~1.0\daneap~1\browse~1\261519~1.190{16cdf~1\browse~1.dll) - c:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1519.190{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\System32\EXPLORER.EXE (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS.0\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS.0\System32\EXPLORER.EXE (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2002-08-19 10:04:14 | 000,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-07-30 12:29:34 | 000,163,328 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\FlashPlayerUpdateService.exe

[2013-07-11 17:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\Lavalys

[2013-07-11 17:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys

[2013-07-03 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Menu Start\Programy\LogMeIn Hamachi

[2013-07-03 22:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[5 C:\WINDOWS.0*.tmp files -> C:\WINDOWS.0*.tmp ->]

[2 C:\WINDOWS.0\System32*.tmp files -> C:\WINDOWS.0\System32*.tmp ->]

[1 C:*.tmp files -> C:*.tmp ->]

========== Files - Modified Within 30 Days ==========

2013-08-01 16:56:33 | 003,170,358 | ---- | M -- C:\Documents and Settings\ola\Pulpit\Wyszukaj.bmp

2013-08-01 16:38:15 | 000,000,934 | ---- | M -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job

2013-08-01 16:24:57 | 000,000,398 | -H-- | M -- C:\WINDOWS.0\tasks\Norton Security Scan for ola.job

2013-08-01 16:22:00 | 000,001,030 | ---- | M -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job

2013-08-01 16:12:05 | 000,000,004 | ---- | M -- C:\WINDOWS.0\System32\ANIWZCSUSERNAME{D75B4D3B-587F-48EF-81E4-5A0116293A59}

2013-08-01 16:12:01 | 000,088,566 | ---- | M -- C:\WINDOWS.0\System32\nvapps.xml

2013-08-01 16:11:01 | 000,013,002 | ---- | M -- C:\WINDOWS.0\System32\wpa.dbl

2013-08-01 16:10:46 | 000,000,290 | ---- | M -- C:\WINDOWS.0\tasks\Express FilesUpdate.job

2013-08-01 16:10:42 | 000,001,032 | ---- | M -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore1ce8eac43ce53bc.job

2013-08-01 16:10:42 | 000,000,256 | ---- | M -- C:\WINDOWS.0\tasks\SpeedUpMyPC.job

2013-08-01 13:22:19 | 000,000,007 | ---- | M -- C:\WINDOWS.0\System32\ANIWZCSUSERNAME

2013-08-01 13:21:32 | 000,002,048 | --S- | M -- C:\WINDOWS.0\bootstat.dat

2013-07-30 19:00:00 | 000,000,250 | ---- | M -- C:\WINDOWS.0\tasks\RMSchedule.job

2013-07-12 18:08:09 | 000,130,096 | ---- | M -- C:\WINDOWS.0\System32\FNTCACHE.DAT

2013-07-12 17:19:07 | 000,605,700 | ---- | M -- C:\WINDOWS.0\System32\perfh015.dat

2013-07-12 17:19:07 | 000,520,306 | ---- | M -- C:\WINDOWS.0\System32\perfh009.dat

2013-07-12 17:19:07 | 000,126,962 | ---- | M -- C:\WINDOWS.0\System32\perfc015.dat

2013-07-12 17:19:06 | 000,095,794 | ---- | M -- C:\WINDOWS.0\System32\perfc009.dat

2013-07-12 17:09:12 | 000,001,374 | ---- | M -- C:\WINDOWS.0\imsins.BAK

2013-07-12 16:55:52 | 000,013,667 | ---- | M -- C:\WINDOWS.0\System32\MRT.INI

2013-07-11 17:52:57 | 000,000,000 | -H-- | M -- C:\WINDOWS.0\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[5 C:\WINDOWS.0*.tmp files -> C:\WINDOWS.0*.tmp ->]

[2 C:\WINDOWS.0\System32*.tmp files -> C:\WINDOWS.0\System32*.tmp ->]

[1 C:*.tmp files -> C:*.tmp ->]

========== Files Created - No Company Name ==========

2013-08-01 16:56:32 | 003,170,358 | ---- | C -- C:\Documents and Settings\ola\Pulpit\Wyszukaj.bmp

2013-08-01 13:42:56 | 000,001,032 | ---- | C -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore1ce8eac43ce53bc.job

2013-02-19 01:44:56 | 000,013,667 | ---- | C -- C:\WINDOWS.0\System32\MRT.INI

2012-07-31 11:10:54 | 000,069,632 | ---- | C -- C:\WINDOWS.0\System32\moveex.exe

2012-02-17 15:09:06 | 000,003,072 | ---- | C -- C:\WINDOWS.0\System32\iacenc.dll

2011-04-16 19:50:04 | 000,138,056 | ---- | C -- C:\Documents and Settings\ola\Dane aplikacji\PnkBstrK.sys

2008-03-25 17:18:24 | 000,000,128 | ---- | C -- C:\Documents and Settings\ola\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

========== ZeroAccess Check ==========

2007-07-20 13:46:32 | 000,000,227 | RHS- | M -- C:\WINDOWS.0\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2009-09-25 07:37:33 | 001,789,440 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS.0\System32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS.0\System32\wbem\wbemess.dll -- [2008-04-14 19:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2010-06-04 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\AlawarWrapper

[2012-07-25 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Babylon

[2012-08-05 13:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\boost_interprocess

[2013-08-01 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager

[2007-09-01 10:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\CodeGear

[2009-03-07 20:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Embarcadero

[2012-11-28 23:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\TEMP

[2010-04-29 17:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\TreeDraw

[2009-01-09 19:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji{2A1601C1-08A4-41E8-A2AA-44C40EDBAA2D}

[2007-09-08 12:29:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji{2EB4C530-C94F-4893-ABDC-C1E05A89956E}

[2007-09-01 19:34:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\~0

[2009-03-08 11:52:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\~1

[2009-03-08 11:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\~2

[2012-07-21 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji.minecraft

[2011-09-20 17:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\DBF Manager

[2008-08-31 14:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\pl-soft

[2012-01-31 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\TeamViewer

[2010-01-31 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\Windows Desktop Search

[2010-02-19 13:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\Windows Search

[2010-05-29 19:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ola\Dane aplikacji\World-Loom

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\TEMP:D1B5B4F1

< End of report >


(IPSEN) #4

Raporty umieszczamy na http://www.wklej.org, http://www.wklej.to a w poście na forum podajemy linka do wklejki.Brak Extras.txt


(Bany252) #5

Extras:

OTL Extras logfile created on: 2013-08-01 17:02:28 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ola\Moje dokumenty\Pobieranie

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 432,40 Mb Available Physical Memory | 42,25% Memory free

1,66 Gb Paging File | 1,09 Gb Available in Paging File | 65,72% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files

Drive C: | 74,56 Gb Total Space | 10,86 Gb Free Space | 14,56% Space Free | Partition Type: NTFS

Computer Name: PRACA | User Name: ola | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Documents and Settings\Martyna\Dane aplikacji\File Scout\filescout.exe" /open "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS.0\system32\sessmgr.exe" = C:\WINDOWS.0\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)

"X:\WTK22\bin\emulator.exe" = X:\WTK22\bin\emulator.exe:*:Enabled:emulator

"X:\j2sdk1.4.2\bin\java.exe" = X:\j2sdk1.4.2\bin\java.exe:*:Enabled:java

"X:\WTK22\bin\zayit.exe" = X:\WTK22\bin\zayit.exe:*:Enabled:zayit

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\kav\kav7.0\english\setup.exe" = C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)

"C:\Documents and Settings\kamil.PRUSAK\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe" = C:\Documents and Settings\kamil.PRUSAK\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Disabled:PowerSoccer -- ()

"C:\Documents and Settings\praca\Dane aplikacji\PowerChallenge\PowerSoccer\PowerSoccer.exe" = C:\Documents and Settings\praca\Dane aplikacji\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer -- ()

"C:\Documents and Settings\kamil.PRUSAK\Dane aplikacji\PowerChallenge\PowerSoccer\PowerSoccer.exe" = C:\Documents and Settings\kamil.PRUSAK\Dane aplikacji\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Disabled:PowerSoccer -- ()

"C:\WINDOWS.0\system32\PnkBstrA.exe" = C:\WINDOWS.0\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS.0\system32\PnkBstrB.exe" = C:\WINDOWS.0\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Program Files\Metin2\metin2.exe" = C:\Program Files\Metin2\metin2.exe:*:Enabled:metin2 -- ()

"C:\Program Files\Metin2\metin2client.bin" = C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client -- (Ymir Entertainment)

"C:\WINDOWS.0\system32\dpvsetup.exe" = C:\WINDOWS.0\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS.0\system32\rundll32.exe" = C:\WINDOWS.0\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację -- (Microsoft Corporation)

"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:tlen -- ()

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:ipsec -- (Ares Development Group)

"C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files -- (http://www.express-files.com/)

"C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files -- (http://www.express-files.com/)

"C:\WINDOWS.0\system32\javaw.exe" = C:\WINDOWS.0\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Oracle Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Oracle Corporation)

"D:\RECORD.exe" = D:\RECORD.exe:*:Enabled:ipsec

"C:\WINDOWS.0\system32\EXPLORER.EXE" = C:\WINDOWS.0\system32\EXPLORER.EXE:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\ingjxv.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\ingjxv.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\kyywyy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\kyywyy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winlmef.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winlmef.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrons.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrons.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\tbpo.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\tbpo.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\nwkjn.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\nwkjn.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqgjwp.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqgjwp.exe:*:Enabled:ipsec

"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec -- (Google Inc.)

"C:\WINDOWS.0\system32\4EA64E\EB890B.EXE" = C:\WINDOWS.0\system32\4EA64E\EB890B.EXE:*:Enabled:ipsec -- ()

"C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe:*:Enabled:ipsec -- (Alpha Networks Inc.)

"C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" = C:\Program Files\D-Link\AirPlus G\AirGCFG.exe:*:Enabled:ipsec -- (D-Link)

"C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe" = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe:*:Enabled:ipsec -- (McAfee, Inc.)

"C:\WINDOWS.0\system32\ctfmon.exe" = C:\WINDOWS.0\system32\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\Program Files\ExpressFiles\EFUpdater.exe" = C:\Program Files\ExpressFiles\EFUpdater.exe:*:Enabled:ipsec -- (http://www.express-files.com/)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)

"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:ipsec -- (LogMeIn Inc.)

"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec -- (Sun Microsystems, Inc.)

"C:\WINDOWS.0\TEMP\lptpa.exe" = C:\WINDOWS.0\TEMP\lptpa.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winnouxp.exe" = C:\WINDOWS.0\TEMP\winnouxp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winbssr.exe" = C:\WINDOWS.0\TEMP\winbssr.exe:*:Enabled:ipsec

"C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" = C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe:*:Enabled:ipsec -- (Uniblue Systems Ltd)

"C:\WINDOWS.0\TEMP\ffov.exe" = C:\WINDOWS.0\TEMP\ffov.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winytyk.exe" = C:\WINDOWS.0\TEMP\winytyk.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wineiudsy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wineiudsy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\bowdk.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\bowdk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ciiqj.exe" = C:\WINDOWS.0\TEMP\ciiqj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ybdjdk.exe" = C:\WINDOWS.0\TEMP\ybdjdk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\bwuwa.exe" = C:\WINDOWS.0\TEMP\bwuwa.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\asnoxj.exe" = C:\WINDOWS.0\TEMP\asnoxj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\qfmxu.exe" = C:\WINDOWS.0\TEMP\qfmxu.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\metvd.exe" = C:\WINDOWS.0\TEMP\metvd.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincxvfo.exe" = C:\WINDOWS.0\TEMP\wincxvfo.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincauhcm.exe" = C:\WINDOWS.0\TEMP\wincauhcm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wingtin.exe" = C:\WINDOWS.0\TEMP\wingtin.exe:*:Enabled:ipsec

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\WINDOWS.0\TEMP\winosact.exe" = C:\WINDOWS.0\TEMP\winosact.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\engprf.exe" = C:\WINDOWS.0\TEMP\engprf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\hkhg.exe" = C:\WINDOWS.0\TEMP\hkhg.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\agpymu.exe" = C:\WINDOWS.0\TEMP\agpymu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winxfmssm.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winxfmssm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\Explorer.EXE" = C:\WINDOWS.0\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\ensugd.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\ensugd.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winovqwer.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winovqwer.exe:*:Enabled:ipsec

"C:\Program Files\Windows Desktop Search\WindowsSearch.exe" = C:\Program Files\Windows Desktop Search\WindowsSearch.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\WINDOWS.0\TEMP\winuinf.exe" = C:\WINDOWS.0\TEMP\winuinf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\efssvq.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\efssvq.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winkwdog.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winkwdog.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winlsarxx.exe" = C:\WINDOWS.0\TEMP\winlsarxx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\sbmytv.exe" = C:\WINDOWS.0\TEMP\sbmytv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\bhrsh.exe" = C:\WINDOWS.0\TEMP\bhrsh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ytxl.exe" = C:\WINDOWS.0\TEMP\ytxl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\fjckr.exe" = C:\WINDOWS.0\TEMP\fjckr.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winaehr.exe" = C:\WINDOWS.0\TEMP\winaehr.exe:*:Enabled:ipsec

"C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe" = C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe:*:Enabled:ipsec -- (Alpha Networks Inc.)

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingbis.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingbis.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\dyne.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\dyne.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winenss.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winenss.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winmnsw.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winmnsw.exe:*:Enabled:ipsec

"C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe" = C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)

"C:\WINDOWS.0\TEMP\winmappl.exe" = C:\WINDOWS.0\TEMP\winmappl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winkdyxn.exe" = C:\WINDOWS.0\TEMP\winkdyxn.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\cjoaf.exe" = C:\WINDOWS.0\TEMP\cjoaf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winvjtqbv.exe" = C:\WINDOWS.0\TEMP\winvjtqbv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winctpskg.exe" = C:\WINDOWS.0\TEMP\winctpskg.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wintgkbn.exe" = C:\WINDOWS.0\TEMP\wintgkbn.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winnqxvsw.exe" = C:\WINDOWS.0\TEMP\winnqxvsw.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winejsr.exe" = C:\WINDOWS.0\TEMP\winejsr.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\arafi.exe" = C:\WINDOWS.0\TEMP\arafi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winrtdjlw.exe" = C:\WINDOWS.0\TEMP\winrtdjlw.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqexutk.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqexutk.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqjrxf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqjrxf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\jpsk.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\jpsk.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\jmnms.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\jmnms.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxwcex.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxwcex.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winppctlq.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winppctlq.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winiktdka.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winiktdka.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winctfxg.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winctfxg.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\lbupf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\lbupf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\vyxvxv.exe" = C:\WINDOWS.0\TEMP\vyxvxv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winsxpr.exe" = C:\WINDOWS.0\TEMP\winsxpr.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winotkypi.exe" = C:\WINDOWS.0\TEMP\winotkypi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\rbouu.exe" = C:\WINDOWS.0\TEMP\rbouu.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winpdmvo.exe" = C:\WINDOWS.0\TEMP\winpdmvo.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wingdqub.exe" = C:\WINDOWS.0\TEMP\wingdqub.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\vcxwj.exe" = C:\WINDOWS.0\TEMP\vcxwj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\irpqv.exe" = C:\WINDOWS.0\TEMP\irpqv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winibewvd.exe" = C:\WINDOWS.0\TEMP\winibewvd.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\jruk.exe" = C:\WINDOWS.0\TEMP\jruk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\xrym.exe" = C:\WINDOWS.0\TEMP\xrym.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\rlrii.exe" = C:\WINDOWS.0\TEMP\rlrii.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\qmqikl.exe" = C:\WINDOWS.0\TEMP\qmqikl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winbomylq.exe" = C:\WINDOWS.0\TEMP\winbomylq.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winrgprck.exe" = C:\WINDOWS.0\TEMP\winrgprck.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winxojva.exe" = C:\WINDOWS.0\TEMP\winxojva.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winermq.exe" = C:\WINDOWS.0\TEMP\winermq.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winulll.exe" = C:\WINDOWS.0\TEMP\winulll.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winfdui.exe" = C:\WINDOWS.0\TEMP\winfdui.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winfnfy.exe" = C:\WINDOWS.0\TEMP\winfnfy.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\obcfe.exe" = C:\WINDOWS.0\TEMP\obcfe.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wingfqmdk.exe" = C:\WINDOWS.0\TEMP\wingfqmdk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winnlivo.exe" = C:\WINDOWS.0\TEMP\winnlivo.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winptnks.exe" = C:\WINDOWS.0\TEMP\winptnks.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winpxuq.exe" = C:\WINDOWS.0\TEMP\winpxuq.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\xsnqmd.exe" = C:\WINDOWS.0\TEMP\xsnqmd.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winfitx.exe" = C:\WINDOWS.0\TEMP\winfitx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\xjyno.exe" = C:\WINDOWS.0\TEMP\xjyno.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winshbrk.exe" = C:\WINDOWS.0\TEMP\winshbrk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winyscjox.exe" = C:\WINDOWS.0\TEMP\winyscjox.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\hedhji.exe" = C:\WINDOWS.0\TEMP\hedhji.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\dwht.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\dwht.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\ofgu.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\ofgu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\kmcn.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\kmcn.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winvbxhw.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winvbxhw.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\ejede.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\ejede.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winkvjs.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winkvjs.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winmksilb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winmksilb.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winqhygdd.exe" = C:\WINDOWS.0\TEMP\winqhygdd.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ipicvm.exe" = C:\WINDOWS.0\TEMP\ipicvm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wingploh.exe" = C:\WINDOWS.0\TEMP\wingploh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winyeeu.exe" = C:\WINDOWS.0\TEMP\winyeeu.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\xdkeg.exe" = C:\WINDOWS.0\TEMP\xdkeg.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winiilh.exe" = C:\WINDOWS.0\TEMP\winiilh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincnxoww.exe" = C:\WINDOWS.0\TEMP\wincnxoww.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winlevu.exe" = C:\WINDOWS.0\TEMP\winlevu.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\mojbl.exe" = C:\WINDOWS.0\TEMP\mojbl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\vvyb.exe" = C:\WINDOWS.0\TEMP\vvyb.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincadcp.exe" = C:\WINDOWS.0\TEMP\wincadcp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\rjebn.exe" = C:\WINDOWS.0\TEMP\rjebn.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincwoi.exe" = C:\WINDOWS.0\TEMP\wincwoi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winkeomft.exe" = C:\WINDOWS.0\TEMP\winkeomft.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winlpsdn.exe" = C:\WINDOWS.0\TEMP\winlpsdn.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winghob.exe" = C:\WINDOWS.0\TEMP\winghob.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winwhrw.exe" = C:\WINDOWS.0\TEMP\winwhrw.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winhlxl.exe" = C:\WINDOWS.0\TEMP\winhlxl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\dtuend.exe" = C:\WINDOWS.0\TEMP\dtuend.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winaxoj.exe" = C:\WINDOWS.0\TEMP\winaxoj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\gueqv.exe" = C:\WINDOWS.0\TEMP\gueqv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wincopw.exe" = C:\WINDOWS.0\TEMP\wincopw.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winodpfv.exe" = C:\WINDOWS.0\TEMP\winodpfv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wineiuyko.exe" = C:\WINDOWS.0\TEMP\wineiuyko.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winwrvs.exe" = C:\WINDOWS.0\TEMP\winwrvs.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\kntqvp.exe" = C:\WINDOWS.0\TEMP\kntqvp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winrtvno.exe" = C:\WINDOWS.0\TEMP\winrtvno.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winoarra.exe" = C:\WINDOWS.0\TEMP\winoarra.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winulgudq.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winulgudq.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnmmsic.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnmmsic.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winvuwr.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winvuwr.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\gxan.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\gxan.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\uudx.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\uudx.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\xdwm.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\xdwm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\jgwwhj.exe" = C:\WINDOWS.0\TEMP\jgwwhj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\jnqdi.exe" = C:\WINDOWS.0\TEMP\jnqdi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winoyxho.exe" = C:\WINDOWS.0\TEMP\winoyxho.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\iegojp.exe" = C:\WINDOWS.0\TEMP\iegojp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\xcaqyj.exe" = C:\WINDOWS.0\TEMP\xcaqyj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\subwxp.exe" = C:\WINDOWS.0\TEMP\subwxp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winutxf.exe" = C:\WINDOWS.0\TEMP\winutxf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\tionow.exe" = C:\WINDOWS.0\TEMP\tionow.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wjsoa.exe" = C:\WINDOWS.0\TEMP\wjsoa.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\clkuu.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\clkuu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wingacssg.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wingacssg.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\mclclp.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\mclclp.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuqhsak.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuqhsak.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\drdll.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\drdll.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxtrslm.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxtrslm.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wfoc.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wfoc.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\mnmndp.exe" = C:\WINDOWS.0\TEMP\mnmndp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\hedwea.exe" = C:\WINDOWS.0\TEMP\hedwea.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\inhq.exe" = C:\WINDOWS.0\TEMP\inhq.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winubajmn.exe" = C:\WINDOWS.0\TEMP\winubajmn.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\fqkfp.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\fqkfp.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\quuosh.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\quuosh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winjleet.exe" = C:\WINDOWS.0\TEMP\winjleet.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\rtui.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\rtui.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winxbff.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winxbff.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winftjjq.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winftjjq.exe:*:Enabled:ipsec

"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec -- (Sun Microsystems, Inc.)

"C:\WINDOWS.0\TEMP\winipayx.exe" = C:\WINDOWS.0\TEMP\winipayx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\halqr.exe" = C:\WINDOWS.0\TEMP\halqr.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winipra.exe" = C:\WINDOWS.0\TEMP\winipra.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wintxjci.exe" = C:\WINDOWS.0\TEMP\wintxjci.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winclwbiu.exe" = C:\WINDOWS.0\TEMP\winclwbiu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\fcsny.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\fcsny.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wintyss.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wintyss.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjvkb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjvkb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winpoasf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winpoasf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\xfpe.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\xfpe.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\bffvjf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\bffvjf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjqjydb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjqjydb.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\bgah.exe" = C:\WINDOWS.0\TEMP\bgah.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winwbswe.exe" = C:\WINDOWS.0\TEMP\winwbswe.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winwerp.exe" = C:\WINDOWS.0\TEMP\winwerp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\edkgbm.exe" = C:\WINDOWS.0\TEMP\edkgbm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\nxnyi.exe" = C:\WINDOWS.0\TEMP\nxnyi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\gyrtq.exe" = C:\WINDOWS.0\TEMP\gyrtq.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winxubp.exe" = C:\WINDOWS.0\TEMP\winxubp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winmyhljx.exe" = C:\WINDOWS.0\TEMP\winmyhljx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winuxec.exe" = C:\WINDOWS.0\TEMP\winuxec.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winsmhe.exe" = C:\WINDOWS.0\TEMP\winsmhe.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winrqpxs.exe" = C:\WINDOWS.0\TEMP\winrqpxs.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\qnrvbp.exe" = C:\WINDOWS.0\TEMP\qnrvbp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ymbk.exe" = C:\WINDOWS.0\TEMP\ymbk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winshyf.exe" = C:\WINDOWS.0\TEMP\winshyf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winyrlsh.exe" = C:\WINDOWS.0\TEMP\winyrlsh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winsetwu.exe" = C:\WINDOWS.0\TEMP\winsetwu.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\dpuyh.exe" = C:\WINDOWS.0\TEMP\dpuyh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\vnlcx.exe" = C:\WINDOWS.0\TEMP\vnlcx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\mcmiug.exe" = C:\WINDOWS.0\TEMP\mcmiug.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ydjavm.exe" = C:\WINDOWS.0\TEMP\ydjavm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ahla.exe" = C:\WINDOWS.0\TEMP\ahla.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\joie.exe" = C:\WINDOWS.0\TEMP\joie.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\mgogr.exe" = C:\WINDOWS.0\TEMP\mgogr.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\unvl.exe" = C:\WINDOWS.0\TEMP\unvl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winumyca.exe" = C:\WINDOWS.0\TEMP\winumyca.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winyeay.exe" = C:\WINDOWS.0\TEMP\winyeay.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\eytejg.exe" = C:\WINDOWS.0\TEMP\eytejg.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winevsnj.exe" = C:\WINDOWS.0\TEMP\winevsnj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winhpuaai.exe" = C:\WINDOWS.0\TEMP\winhpuaai.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\avvk.exe" = C:\WINDOWS.0\TEMP\avvk.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\jhgty.exe" = C:\WINDOWS.0\TEMP\jhgty.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winfdai.exe" = C:\WINDOWS.0\TEMP\winfdai.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winevwj.exe" = C:\WINDOWS.0\TEMP\winevwj.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winwpgp.exe" = C:\WINDOWS.0\TEMP\winwpgp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wect.exe" = C:\WINDOWS.0\TEMP\wect.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winftadg.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winftadg.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjlmwec.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winjlmwec.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuxjj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuxjj.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\kjey.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\kjey.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqvvj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqvvj.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\tbvg.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\tbvg.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\jtkyp.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\jtkyp.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winfbxa.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winfbxa.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\cxvui.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\cxvui.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqfdh.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqfdh.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\oberl.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\oberl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winluegy.exe" = C:\WINDOWS.0\TEMP\winluegy.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winrcedkl.exe" = C:\WINDOWS.0\TEMP\winrcedkl.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winbrkh.exe" = C:\WINDOWS.0\TEMP\winbrkh.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\tnamf.exe" = C:\WINDOWS.0\TEMP\tnamf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\pcnyab.exe" = C:\WINDOWS.0\TEMP\pcnyab.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winojawf.exe" = C:\WINDOWS.0\TEMP\winojawf.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\wgqo.exe" = C:\WINDOWS.0\TEMP\wgqo.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\gmnvx.exe" = C:\WINDOWS.0\TEMP\gmnvx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ytpx.exe" = C:\WINDOWS.0\TEMP\ytpx.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\windcrti.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\windcrti.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrwraj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrwraj.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\oeth.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\oeth.exe:*:Enabled:ipsec

"C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe" = C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe:*:Enabled:ipsec -- (Uniblue Systems Ltd)

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincrua.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincrua.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuqkh.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winuqkh.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winowkqkn.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winowkqkn.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincnlpv.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincnlpv.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\sgwnsl.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\sgwnsl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winllwu.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winllwu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\xvbo.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\xvbo.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\qsgctm.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\qsgctm.exe:*:Enabled:ipsec

"C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\ngen.exe" = C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\ngen.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wintwpcgy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wintwpcgy.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\pkvl.exe" = C:\WINDOWS.0\TEMP\pkvl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\kcjor.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\kcjor.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrafqa.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winrafqa.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winksjar.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winksjar.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\lmls.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\lmls.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winiqyurj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winiqyurj.exe:*:Enabled:ipsec

"C:\Program Files\HP\Photosmart Essential\HP_IZE.exe" = C:\Program Files\HP\Photosmart Essential\HP_IZE.exe:*:Enabled:ipsec -- (Hewlett-Packard, Co.)

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingdysvy.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingdysvy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\tusg.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\tusg.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\nbvcag.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\nbvcag.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wintqpncc.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wintqpncc.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\knmgd.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\knmgd.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbqdw.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbqdw.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\tkhqtk.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\tkhqtk.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winitnm.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winitnm.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwsdwh.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwsdwh.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winjlgl.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winjlgl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winlivup.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winlivup.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winjglxyl.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winjglxyl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbsytpc.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbsytpc.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winiakura.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winiakura.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winlomu.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winlomu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winrrdb.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winrrdb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winpbnbvp.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winpbnbvp.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winktohdx.exe" = C:\WINDOWS.0\TEMP\winktohdx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winbveexx.exe" = C:\WINDOWS.0\TEMP\winbveexx.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\gocna.exe" = C:\WINDOWS.0\TEMP\gocna.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\hkehaa.exe" = C:\WINDOWS.0\TEMP\hkehaa.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\hjcjl.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\hjcjl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\ham6.tmp" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\ham6.tmp:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\rjwgpr.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\rjwgpr.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winhgrmw.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winhgrmw.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\plnwb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\plnwb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winfxnmrr.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winfxnmrr.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\danb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\danb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\gfiox.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\gfiox.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\krdb.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\krdb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\clyvu.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\clyvu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winipjj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winipjj.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxcqhpd.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winxcqhpd.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\hraw.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\hraw.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\tojsy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\tojsy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\yvysm.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\yvysm.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\gawm.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\gawm.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\yasf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\yasf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\imyl.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\imyl.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winlwrqof.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winlwrqof.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\w189d54.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\w189d54.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\yvntf.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\yvntf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wlvd.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wlvd.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\lfwxh.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\lfwxh.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\bkqcge.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\bkqcge.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\xganxx.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\xganxx.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingxots.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingxots.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\armf.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\armf.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnyera.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnyera.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\jkvpox.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\jkvpox.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwaexgx.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwaexgx.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\w11e8482.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\w11e8482.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\cfuqcg.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\cfuqcg.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\winevktgy.exe" = C:\WINDOWS.0\TEMP\winevktgy.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\fhju.exe" = C:\WINDOWS.0\TEMP\fhju.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\moae.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\moae.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\ymlqa.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\ymlqa.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwapwb.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winwapwb.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winccjht.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winccjht.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\xgojpy.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\xgojpy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winhddk.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winhddk.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winkcmlp.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winkcmlp.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincyttwy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wincyttwy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\yjgnkh.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\yjgnkh.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\wrxr.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\wrxr.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winmnasrv.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winmnasrv.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\nkiy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\nkiy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winoxan.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winoxan.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winctoyfv.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winctoyfv.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingiue.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingiue.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\joyobu.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\joyobu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnoac.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winnoac.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winafsnn.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winafsnn.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingjng.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingjng.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ixgi.exe" = C:\WINDOWS.0\TEMP\ixgi.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\jmjobv.exe" = C:\WINDOWS.0\TEMP\jmjobv.exe:*:Enabled:ipsec

"C:\WINDOWS.0\TEMP\ydgu.exe" = C:\WINDOWS.0\TEMP\ydgu.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winbddpgy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winbddpgy.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winneevs.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winneevs.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winyffkl.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winyffkl.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbaprx.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\winbaprx.exe:*:Enabled:ipsec

"C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingsrq.exe" = C:\DOCUME~1\Brygida\USTAWI~1\Temp\wingsrq.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\fofj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\fofj.exe:*:Enabled:ipsec

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\nwgl.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\nwgl.exe:*:Enabled:ipsec

"C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1339.144{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe" = C:\Documents and Settings\All Users.WINDOWS.0\Dane aplikacji\Browser Manager\2.6.1339.144{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe:*:Enabled:ipsec -- ()

"C:\WINDOWS.0\TEMP\winvnucou.exe" = C:\WINDOWS.0\TEMP\winvnucou.exe:*:Enabled:ipsec -- ()

"C:\Program Files\Mozilla Firefox\crashreporter.exe" = C:\Program Files\Mozilla Firefox\crashreporter.exe:*:Enabled:ipsec -- (Mozilla Foundation)

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqdfrj.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winqdfrj.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\bolrpn.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\bolrpn.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\bntrvk.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\bntrvk.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winsgwehv.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winsgwehv.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\Martyna\USTAWI~1\Temp\winnbgejy.exe" = C:\DOCUME~1\Martyna\USTAWI~1\Temp\winnbgejy.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\ola\USTAWI~1\Temp\winwlcbvs.exe" = C:\DOCUME~1\ola\USTAWI~1\Temp\winwlcbvs.exe:*:Enabled:ipsec -- ()

"C:\DOCUME~1\ola\USTAWI~1\Temp\feoyh.exe" = C:\DOCUME~1\ola\USTAWI~1\Temp\feoyh.exe:*:Enabled:ipsec -- ()


(Acorus) #6

Pokaż logi wg zasad analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html


(Agatonster) #7

xBany23 ,

Wklejanie logów na forum - przeczytaj i zastosuj się do Tematu

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.


(Bany252) #8

OTL: http://www.wklejto.pl/169014

Extras (dodałem pod innym nickiem bo mi nie chciało wejść pod tamtym): http://www.wklejto.pl/169018


(Atis) #9

Wirus Sality który infekuje wszystkie pliki wykonywalne.

Zabezpiecz się przed infekcją z USB: Panda USB Vaccine lub KLIK

Uruchom program i kliknij Vaccinate.

Wyłącz przywracanie systemu:

http://support.microsoft.com/kb/310405/pl

Skanuj wszystkie partycje i lecz zainfekowane pliki.

  1. SalityKiller lub KLIK

  2. Dr.Web CureIt lub KLIK Przeskanuj wszystkie dyski: KLIK

  3. Kaspersky Virus Removal Tool 2011 lub KLIK

W zakładce Scan scope zaznacz wszystkie dyski:

Pokaż nowy log gdy skanery nie będą wykrywały żadnych zainfekowanych plików.


(Bany252) #10

Dzięki za pomoc. Jutro z rana zrobię to i prześle logi.