Komputer spowolnił

system · 31 Styczeń 2010 10:11

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:31, on 2010-01-31

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\EXPERTool\TBPanel.exe

C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.winmod.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray

O4 - HKLM…\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKCU…\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Gadu-Gadu 10] “C:\Program Files\Gadu-Gadu 10\gg.exe”

O4 - HKCU…\Run: [iPLA!] C:\Program Files\ipla\ipla.exe /autorun

O4 - HKCU…\Run: [software Informer] “C:\Program Files\Software Informer\softinfo.exe” -autorun

O4 - HKUS\S-1-5-19…\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘Default user’)

O4 - Global Startup: Raconfig.lnk = C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{B4F251F9-1325-4F30-81CB-4FD82AE508C9}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

–

End of file - 4577 bytes

Gutek · 31 Styczeń 2010 10:56

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny.

Pozdrawiam Gutek

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Pokaż log z: OTL

Przestawiasz w nim Processes i Modules na All oraz wklejasz w dolne białe okienko Custom Scans/Fixes :

Klikasz Run Scan. - otl-gmer-rsit-dds-inne-instrukcje-t370405.html

system · 31 Styczeń 2010 11:35

No zrobilem to co pisales cos jeszcze czy to wystarczy ?

Gutek · 31 Styczeń 2010 11:37

Gdzie log, gdzie zmiana tytułu tematu?

system · 31 Styczeń 2010 11:43

OTL Extras logfile created on: 2010-01-31 13:02:10 - Run 1

OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\SysOp\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 9,81 Gb Free Space | 50,21% Space Free | Partition Type: NTFS

Drive D: | 48,83 Gb Total Space | 47,74 Gb Free Space | 97,77% Space Free | Partition Type: NTFS

Drive E: | 80,68 Gb Total Space | 80,61 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WINDT_09

Current User Name: SysOp

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = htmlfile] – C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %*

cmdfile [open] – “%1” %*

comfile [open] – “%1” %*

exefile [open] – “%1” %*

htmlfile [edit] – Reg Error: Key error.

htmlfile [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

htmlfile [opennew] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

http [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

https [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)

piffile [open] – “%1” %*

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1”

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] – “%1” /S

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] – cmd.exe /k cd “%L” (Microsoft Corporation)

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] – “C:\Program Files\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.)

Directory [Winamp.Enqueue] – “C:\Program Files\Winamp\winamp.exe” /ADD “%1” (Nullsoft, Inc.)

Directory [Winamp.Play] – “C:\Program Files\Winamp\winamp.exe” “%1” (Nullsoft, Inc.)

Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – “C:\Program Files\Internet Explorer\iexplore.exe” (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 0

“DisableNotifications” = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“C:\Program Files\Skype\Plugin Manager\skypePM.exe” = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager – (Skype Technologies)

“C:\Program Files\Opera\opera.exe” = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser – (Opera Software)

“C:\Program Files\Skype\Phone\Skype.exe” = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype – (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}” = Conflict Desert Storm II

“{20D4A895-748C-4D88-871C-FDB1695B0169}” = Platform

“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}” = JMB36X Raid Configurer

“{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}” = DAEMON Tools

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{9198A23F-C33C-4907-9715-96DE7D4AF27D}” = RT2400 Wireless LAN Card

“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

“{A06275F4-324B-4E85-95E6-87B2CD729401}” = Windows Defender

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{ADE91A13-434D-4229-00BC-182BAD607303}” = Need for Speed™ Most Wanted

“{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1” = Spybot - Search & Destroy

“{D103C4BA-F905-437A-8049-DB24763BBE36}” = Skype™ 4.1

“{DD1865F0-AD73-40FB-B23E-1822E02396FF}” = NVIDIA PhysX

“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX

“{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime - (v9.0.30729)

“{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime - v9.0.30729.01

“{FB8148DD-C575-4B0A-9F6C-0CFC46937930}” = Opera 10.10

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“CS16 Full v32.1 Non-Steam” = CS16 Full v32.1 Non-Steam

“DesertStorm_is1” = Conflict: Desert Storm

“EXPERTool_is1” = EXPERTool 7.2

“Gadu-Gadu” = Gadu-Gadu 7.7

“Gadu-Gadu 10” = Gadu-Gadu 10

“Google Chrome” = Google Chrome

“HFSLIPTotalSlipstream” = HFSLIP Total Slipstream (v1.7.8, build 80614)

“HijackThis” = HijackThis 2.0.2

“InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}” = VIA Platform Device Manager

“ipla” = ipla 2.1.1

“NVIDIA Drivers” = NVIDIA Drivers

“RegDoctor_is1” = RegDoctor 2.11

“Winamp” = Winamp

“WinRAR archiver” = Archiwizator WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“IconTweaker” = IconTweaker 1.11

“Winamp Detect” = Detektor Winampa

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2010-01-30 07:52:19 | Computer Name = WINDT_09 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-01-30 08:21:20 | Computer Name = WINDT_09 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 2010-01-30 08:22:04 | Computer Name = WINDT_09 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 2010-01-30 08:30:15 | Computer Name = WINDT_09 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 2010-01-30 09:11:47 | Computer Name = WINDT_09 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-01-30 14:50:59 | Computer Name = WINDT_09 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-01-31 05:39:52 | Computer Name = WINDT_09 | Source = pctsSvc.exe | ID = 0

Description =

Error - 2010-01-31 05:52:25 | Computer Name = WINDT_09 | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-01-31 07:08:00 | Computer Name = WINDT_09 | Source = MPSampleSubmission | ID = 5000

Description =

Error - 2010-01-31 07:10:36 | Computer Name = WINDT_09 | Source = MPSampleSubmission | ID = 5000

Description =

[System Events]

Error - 2010-01-31 05:45:56 | Computer Name = WINDT_09 | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2010-01-31 05:45:57 | Computer Name = WINDT_09 | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2010-01-31 05:49:14 | Computer Name = WINDT_09 | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-01-31 05:52:43 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-01-31 05:52:43 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2010-01-31 05:56:58 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-01-31 05:56:58 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2010-01-31 06:05:07 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-01-31 06:05:07 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

Error - 2010-01-31 06:49:05 | Computer Name = WINDT_09 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu

następującego błędu: %%2

< End of report >

Gutek · 31 Styczeń 2010 11:57

Nie ten log z OTL.txt - i Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

system · 31 Styczeń 2010 12:00

http://wklej.org/id/271670/

TO JEST LINK DO TEGO LOGA

Gutek · 31 Styczeń 2010 12:11

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, w OTL kliknij na przycisk CleanUp.

jeden usuń program.

Optymalizacja XP: viewtopic.php?t=76580

Optymalizacja autostartu: http://www.bezpieczenstwosystemow.pl/in … opic=116.0

Czyszczenie rejestru:

CCleaner http://www.dobreprogramy.pl/CCleaner,Pr … 13061.html

EDIT: Poprawiłem tytuł tematu - na przyszłość opisuj problem, nie używaj przy pisaniu Caps Lock

Valcrist · 7 Luty 2011 06:24

To tak zaczne od tego ze znalazlem w programach AKAMAI SESSION INTERFACE z usunieciem nie bylo problemu uzylem programu “Malwarebytes’ Anti-Malware” wykryl to jako trojana, usunal po restarcie.

Kolejnie znalalzem ten HFPLIP TOTAL SLIPSTREAM (v2.0.0pre-alpha, build 80630a)

podobnie jak radziles tamtej osobie uzylem OTL oto wynik rejestu

OTL Extras logfile created on: 2011-02-07 07:09:04 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 37,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27,98 Gb Total Space | 21,16 Gb Free Space | 75,64% Space Free | Partition Type: FAT32

Drive D: | 28,00 Gb Total Space | 26,72 Gb Free Space | 95,44% Space Free | Partition Type: NTFS

Drive E: | 12,00 Gb Total Space | 11,41 Gb Free Space | 95,07% Space Free | Partition Type: NTFS

Drive F: | 50,00 Gb Total Space | 42,63 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Drive G: | 100,00 Gb Total Space | 98,19 Gb Free Space | 98,19% Space Free | Partition Type: NTFS

Drive H: | 14,87 Gb Total Space | 12,60 Gb Free Space | 84,73% Space Free | Partition Type: NTFS

Drive I: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive J: | 14,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ZŁOM | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

.url [@ = InternetShortcut] – rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %*

batfile [print] – Reg Error: Key error.

cmdfile [open] – “%1” %*

cmdfile [print] – Reg Error: Key error.

comfile [open] – “%1” %*

cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

exefile [open] – “%1” %*

htmlfile [edit] – Reg Error: Key error.

inffile [print] – Reg Error: Key error.

inifile [print] – Reg Error: Key error.

InternetShortcut [open] – rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] – Reg Error: Key error.

piffile [open] – “%1” %*

regfile [merge] – Reg Error: Key error.

regfile [print] – Reg Error: Key error.

scrfile [config] – “%1”

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] – “%1” /S

txtfile [edit] – Reg Error: Key error.

txtfile [print] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with FastStone] – “C:\Program Files\FastStone Image Viewer\FSViewer.exe” “%1” ()

Directory [cmd] – cmd.exe /k cd “%L” (Microsoft Corporation)

Directory [openNew] – explorer %1 (Microsoft Corporation)

Directory [Winamp.Bookmark] – “C:\Program Files\winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft)

Directory [Winamp.Enqueue] – “C:\Program Files\winamp\winamp.exe” /ADD “%1” (Nullsoft)

Directory [Winamp.Play] – “C:\Program Files\winamp\winamp.exe” “%1” (Nullsoft)

Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] – Reg Error: Key error.

Drive [find] – Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

“DisableSR” = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

“Start” = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

“EnableFirewall” = 0

“DoNotAllowExceptions” = 0

“DisableNotifications” = 0

“DisableUnicastResponsesToMulticastBroadcast” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 1

“DoNotAllowExceptions” = 1

“DisableNotifications” = 0

“DisableUnicastResponsesToMulticastBroadcast” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

“1057:TCP” = 1057:TCP:*:Enabled:Akamai NetSession Interface

“5000:UDP” = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“D:\Tibia\Tibia.exe” = D:\Tibia\Tibia.exe:*:Enabled:Tibia.exe – (CipSoft GmbH)

“C:\Program Files\Gadu-Gadu 10\gg.exe” = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 – (GG Network S.A.)

“D:\BattleForge\Bootstrapper.exe” = D:\BattleForge\Bootstrapper.exe:*:Disabled:BattleForge™ Launcher – (EA Phenomic)

“C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe” = C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe:*:Enabled:PLAY ONLINE – ()

“C:\Program Files\uTorrent\uTorrent.exe” = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent – ()

“D:\BattleForge\BattleForge.exe” = D:\BattleForge\BattleForge.exe:*:Disabled:BattleForge™ – (EA Phenomic)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{26A24AE4-039D-4CA4-87B4-2F83216023FF}” = Java 6 Update 23

“{3248F0A8-6813-11D6-A77B-00B0D0160070}” = Java 6 Update 7

“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater

“{53480330-E1D1-41CA-B8F8-7F78644F7F50}” = O&O Defrag Professional Edition

“{5AF71003-1797-4D93-9F37-4F2125CBF539}” = Microsoft .NET Framework 2.0 Language Pack - PLK

“{64CB2553-C109-4132-AA51-1F421B515FD1}” = Microsoft .NET Framework 1.1 Polish Language Pack

“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight

“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AC76BA86-7AD7-1033-7B44-A90000000001}” = Adobe Reader 9 Lite

“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2

“{C580908C-B3BA-4C19-BD60-16F02F272201}” = BattleForge™

“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1

“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1

“{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}” = Ad-Aware

“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver

“{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime - (v9.0.30729)

“{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime - v9.0.30729.01

“Ad-Aware” = Ad-Aware

“Adobe Flash Player ActiveX” = Adobe Flash Player ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“Adobe Shockwave Player” = Adobe Shockwave Player 11

“ALLPlayer_is1” = ALLPlayer V4.X

“Driver Magician_is1” = Driver Magician 3.28

“Driver Sweeper” = Driver Sweeper 0.9 (Remove Only)

“DriveSpace” = Drive Space Indicator

“FastStone Image Viewer” = FastStone Image Viewer 3.5

“foobar2000” = foobar2000 v1.1

“Gadu-Gadu 10” = Gadu-Gadu 10

“GameDesire-Bingo” = GameDesire-Bingo

“GameDesire-Boards” = GameDesire-Boards

“GameDesire-Poker” = GameDesire-Poker

“GameDesire-Pool & Snooker” = GameDesire-Pool & Snooker

“GMailFS” = GMail Drive Shell Extension

“Google Chrome” = Google Chrome

“HFSLIPTotalSlipstream” = HFSLIP Total Slipstream (v2.0.0pre-alpha, build 80630a)

“KLiteCodecPack_is1” = K-Lite Codec Pack 6.4.0 (Full)

“MakeISO right click extensions” = MakeISO right click extensions

“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware

“McAfee Security Scan” = McAfee Security Scan Plus

“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1

“Microsoft .NET Framework 2.0 Language Pack - PLK” = Microsoft .NET Framework 2.0 — pakiet języka polskiego

“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1

“Mozilla Firefox (3.6.13)” = Mozilla Firefox (3.6.13)

“Mozilla Thunderbird (2.0.0.14)” = Mozilla Thunderbird (2.0.0.14)

“Nero8Lite_is1” = Nero 8 Micro 8.3.2.1b

“Notepad++” = Notepad++

“NVIDIA Drivers” = NVIDIA Drivers

“PLAY ONLINE” = PLAY ONLINE

“PowerISO” = PowerISO

“RealAlt_is1” = Real Alternative 2.0.2

“ShellExtension” = FirmTools 2.0 build 313

“Tibia_is1” = Tibia

“Unlocker” = Unlocker 1.8.7

“VisualTaskTips” = Visual Task Tips 2.3

“Winamp” = Winamp 5.54 addon by jeetu

“Windows Media Format Runtime” = Windows Media Format 11 runtime

“Windows Media Player” = Windows Media Player 11

“WinRAR archiver” = Archiwizator WinRAR

“Wolfenstein - Enemy Territory” = Wolfenstein - Enemy Territory

“Your Uninstaller! 2008_is1” = Your Uninstaller! 2008 Version 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“uTorrent” = µTorrent

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2010-09-11 18:29:06 | Computer Name = ZŁOM | Source = .NET Runtime Optimization Service | ID = 1111

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

Service reached limit of transient errors. Will shut down. Last error returned

from Service Manager: 0x800736b1.

Error - 2010-09-22 18:42:10 | Computer Name = ZŁOM | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 2010-10-04 14:41:05 | Computer Name = ZŁOM | Source = Google Update | ID = 20

Description =

[System Events]

Error - 2011-01-26 04:10:22 | Computer Name = ZŁOM | Source = DCOM | ID = 10005