olek89t
(Olek120)
18 Listopad 2007 11:18
#1
Mam problem z usunięciem dwóch wirusów mianowicie chodzi o:
Win32:Agent-LTS [Trj]
Win32:Adware-gen[Adw]
Nic nie moge zdziałać Avastem. Mniejwięcej co 5 min wykrywa mi te wiry. Nic nie pomaga ani kwarantanna ani usunięcie. Proszę o sprawdzzenie loga może tam tkwi problem.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:16:51, on 2007-11-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Programy\Avast 4.7\aswUpdSv.exe C:\Programy\Avast 4.7\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\Programy\Nero 8\Nero 8\Nero 8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programy\Avast 4.7\ashMaiSv.exe C:\Programy\Avast 4.7\ashWebSv.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Programy\DAEMON Tools\daemon.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programy\AVAST4~1.7\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Programy\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\WINDOWS\system32\ntvdm.exe C:\Programy\RocketDock\RocketDock.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\System32\svchost.exe C:\Programy\Windows Defender\MsMpEng.exe C:\Programy\Windows Defender\MSASCui.exe C:\WINDOWS\system32\lxcfcoms.exe C:\WINDOWS\system32\taskmgr.exe C:\Programy\NetPeeker_npgui.exe C:\Programy\Avant Browser\avant.exe C:\Programy\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Programy\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing) O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Programy\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM…\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM…\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Programy\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [NBKeyScan] “C:\Programy\Nero 8\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe” O4 - HKLM…\Run: [avast!] C:\Programy\AVAST4~1.7\ashDisp.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Windows Defender] “C:\Programy\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [bandwidth Monitor Pro] “C:\Programy\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe” /minimized O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Programy\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [RocketDock] “C:\Programy\RocketDock\RocketDock.exe” O4 - HKCU…\Run: [AlcoholAutomount] “C:\Programy\Alcohol 120\axcmd.exe” /automount O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: NetPeeker.LNK = C:\Programy\NetPeeker\NPGUI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Programy\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Programy\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMY\FLASHGET\flashget.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMY\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: nopctrl - {3857F005-03D9-42C5-8E9A-9C9A39470126} - (no file) O21 - SSODL: ddkret - {08F93365-C529-448A-8B50-33E451FB08DC} - C:\WINDOWS\ddkret.dll O21 - SSODL: msmhost - {F278ED68-EB62-4608-A483-9D5110B59BEF} - C:\WINDOWS\msmhost.dll (file missing) O21 - SSODL: msmdev - {982404AD-4A75-43C3-B046-794B036C9186} - C:\WINDOWS\msmdev.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast 4.7\aswUpdSv.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast 4.7\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast 4.7\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast 4.7\ashWebSv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programy\Nero 8\Nero 8\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programy\VNC4\WinVNC4.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm – End of file - 13340 bytes
Gutek
(Gutek)
18 Listopad 2007 20:40
#2
usuń wpisy HJT
Pobierz The Avenger . Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:
kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).
Po tym - Daj log z ComboFix
olek89t
(Olek120)
18 Listopad 2007 22:02
#3
Wielkie dzienki za pomoc. Po tym jak zrobiłem to co mi kazałeś nic się niedzieje. Nie wywala mi co chwila wirów. Wygląda na to że problem zniknął. Przynajmiej jak narazie.
Kazałeś wklejić mi jeszcze loga z ComboFix ale nieestety program nie chciał mi odpalić prawidłowo więc wklajam log z Deckard’s System Scanner
Deckard’s System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Core2 CPU T5500 @ 1.66GHz CPU 1: Intel® Core2 CPU T5500 @ 1.66GHz Percentage of Memory in Use: 56% Physical Memory (total/avail): 1023.2 MiB / 449.01 MiB Pagefile Memory (total/avail): 3996.95 MiB / 3433.07 MiB Virtual Memory (total/avail): 2047.88 MiB / 1922.32 MiB C: is Fixed (FAT32) - 39.99 GiB total, 14.54 GiB free. D: is Fixed (NTFS) - 53.15 GiB total, 5 GiB free. E: is CDROM (No Media) F: is CDROM (CDFS) G: is CDROM (UDF) H: is CDROM (CDFS) I: is CDROM (No Media) J: is CDROM (No Media) K: is CDROM (No Media) \.\PHYSICALDRIVE0 - Hitachi HTS541610J9SA00 - 93.16 GiB - 2 partitions \PARTITION0 (bootable) - Unknown - 40 GiB - C: \PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 53.15 GiB - D: – Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: Norton Internet Security v15.0.0.47 (Symantec Corporation) AV: Norton Internet Security v15.0.0.47 (Symantec Corporation) Outdated AV: avast! antivirus 4.7.1043 [VPS 071118-2] v4.7.1043 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019" “C:\Programy\Avant Browser\avant.exe”=“C:\Programy\Avant Browser\avant.exe:*:Enabled:Avant Browser” “C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger” “C:\Programy\Gadu-Gadu\gg.exe”=“C:\Programy\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny” “C:\Programy\FlashGet\flashget.exe”=“C:\Programy\FlashGet\flashget.exe:*:Enabled:Flashget” “C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook” “C:\Program Files\Microsoft Office\Office12\groove.exe”=“C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove” “C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote” “C:\Programy\VNC4\winvnc4.exe”=“C:\Programy\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32” “C:\Programy\mIRC\mirc.exe”=“C:\Programy\mIRC\mirc.exe:*:Enabled:mIRC” “C:\Gry\Age of Empires II\age2_x1.exe”=“C:\Gry\Age of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion” “C:\Programy\PowerDVD\PowerDVD.exe”=“C:\Programy\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD” “D:\GRY\Quake III Arena\quake3.exe”=“D:\GRY\Quake III Arena\quake3.exe:*:Enabled:quake3” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” “C:\Programy\Macromedia\Flash MX\Flash Backup.exe”=“C:\Programy\Macromedia\Flash MX\Flash Backup.exe:*:Enabled:Flash 6.0 r51” “C:\Programy\Macromedia\Flash MX\Flash Backup1.exe”=“C:\Programy\Macromedia\Flash MX\Flash Backup1.exe:*:Enabled:Flash 6.0 r51” “C:\Programy\Macromedia\Flash MX\Flash.exe”=“C:\Programy\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r51” “D:\GRY\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe”=“D:\GRY\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Disabled:THE SETTLERS - Rise of an Empire” – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Aleksander\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-75CCFF0D7C ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Aleksander LOGONSERVER=\YOUR-75CCFF0D7C NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programy\QuickTime\QTSystem;C:\Program Files\Common Files\Nero\Lib\ PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp USERDOMAIN=YOUR-75CCFF0D7C USERNAME=Aleksander USERPROFILE=C:\Documents and Settings\Aleksander windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI – User Profiles --------------------------------------------------------------- Aleksander (admin) Administrator (admin) – Add/Remove Programs --------------------------------------------------------- --> C:\Programy\Nero 8\Nero 8\Nero 8\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\SETUP.EXE” -l0x9 anything --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Żulionerzy NewGeneration --> “C:\Gry\Żulionerzy NG\unins000.exe” 7-Zip 4.42 --> “C:\Programy\7-Zip\Uninstall.exe” ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Reader 8 - Polish --> MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A80000000000} AIDA32 v3.93 --> “C:\Programy\AIDA32 - Enterprise System Information\unins000.exe” ALLPlayer V3.X --> “C:\Programy\ALLPlayer\unins000.exe” AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6} Archiwizator WinRAR --> C:\Programy\WinRAR\uninstall.exe ASUS Live Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe” -l0x9 Asus MiVo Messenger --> “C:\Program Files\Asus\Asus MiVo Messenger\uninstall.exe” ASUS Splendid Video Enhancement Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe” -l0x9 -removeonly ASUS WebCam, 1.3M, USB2.0, FF --> C:\WINDOWS\StkUnist.exe ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE” -l0x9 ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe Avant Browser (remove only) --> “C:\Programy\Avant Browser\uninst.exe” avast! Antivirus --> rundll32 C:\Programy\AVAST4~1.7\Setup\setiface.dll,RunSetup AWicons Pro by Lokas Software --> C:\WINDOWS\AWuninstall.exe Software\Lokas Ltd\AWicons Pro Axialis IconWorkshop 6.0 --> C:\Programy\IconWorkshop\UnInstall.exe “IconWorkshop” “IconWorkshop.exe” Bandwidth Monitor Pro --> C:\WINDOWS\unvise32.exe C:\Programy\Bandwidth Monitor Pro\uninstal.log Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} CAM Wizard --> MsiExec.exe /I{EA561335-6495-47DE-A7A0-CD4ED101D4F6} ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09} CWK (Czasowy Wyłącznik Komputera) --> “C:\Programy\CWK\CWK.exe” /uninstall DeadLine Equation Solver --> “C:\Programy\DeadLine\unins000.exe” Deutsch Translator 2 --> C:\Programy\Deutsch Translator 2\setup.exe -uninstall Drogowa Mapa Europy --> C:\WINDOWS\uninst.exe -f"C:\Programy\Drogowa Mapa Europy\DeIsL1.isu" -c"C:\Programy\Drogowa Mapa Europy_ISREG32.DLL" Drzewo Genealogiczne --> MsiExec.exe /X{C003ED60-37EE-472E-8A2A-6FEB482F1CB0} Expressivo --> C:\Programy\ivo\Expressivo\UsunExpressivo.exe Flash Designer 5 PL (5.0.23.7) --> C:\Programy\FLASHD~1\Setup.exe /remove FlashGet(Jetcar) 1.81 --> C:\PROGRAMY\FLASHGET_UNWISE.EXE Gadu-Gadu 7.7 --> C:\Programy\Gadu-Gadu\Setup.exe Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe” -l0x9 GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe” -l0x9 -removeonly Hide IP Platinum 3.43 --> “C:\Programy\Hide IP Platinum\unins000.exe” High Definition Audio Driver Package - KB888111 --> HijackThis 2.0.2 --> “C:\Programy\Trend Micro\HijackThis\HijackThis.exe” /uninstall HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 4.2 --> “C:\Program Files\HP\Digital Imaging{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe” -datfile hposcr04.dat HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2} IconPackager --> C:\PROGRAMY\ICONPA~1\iconpackager.exe /uninstallwise Infineon TPM Professional Package --> MsiExec.exe /I{2A8CF485-5A4D-4C7D-8ACF-4AB98914D529} IVO Glossary --> C:\WINDOWS\IVO Glossary Uninstaller.exe IVONA - syntezator mowy, wersja rehabilitacyjna --> C:\Programy\ivo\Ivona_Rehab-1.0\UsunIvonaRehab.exe J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Language Pack for Ad-aware 6 --> C:\PROGRAMY\AD-AWA~1\LANG\LANGUA~1\UNWISE.EXE C:\PROGRAMY\AD-AWA~1\LANG\LANGUA~1\INSTALL.LOG Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE LifeFrame2 --> MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{D9ECBC61-0D76-4EDD-8D46-BB2BB0A02108} Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe” -l0xa UNINSTALL Mapa Polski 2007 --> “C:\Programy\Mapa Polski 2007\unins000.exe” mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F} mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft Office Access MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> “C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007 --> MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007 --> MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007 --> MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC --> C:\Programy\mIRC\uninstall.exe _?=C:\Programy\mIRC mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MoorHunt 0.4.1.0 --> “C:\Programy\MoorHunt\unins000.exe” Motorola SM56 Speakerphone Modem --> C:\Program Files\Asus\Asus MiVo Messenger\uninstall.exe /mdm Mozilla Sunbird (0.3) --> C:\Programy\Mozilla Sunbird\uninstall\uninst.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Navigo - Cyfrowy Atlas Polski --> MsiExec.exe /I{14F2F6A6-6AF3-491E-8D37-6051DD4DA6D4} Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D} Nero 8 --> MsiExec.exe /X{81C6BFED-691E-402A-95DA-F6DE1A351045} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NetPeeker 2.81 --> C:\Programy\NetPeeker\uninstall.exe cfg=“C:\Programy\NetPeeker\UNINSTALL.CFG” /all NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Odkurzacz 10.9 Pro --> “C:\Programy\Odkurzacz\unins000.exe” Oprogramowanie Intel® PROSet/Wireless --> C:\WINDOWS\Installer\iProInst.exe Peer2Mail (remove only) --> “C:\Programy\Peer2Mail\uninst.exe” Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe” -l0x9 PowerDVD --> “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe” -l0x000409 /z-uninstall PowerDVD 7 --> “C:\Programy\PowerDVD\unins000.exe” Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"d:\gry\Quake III Arena\QIII.isu" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Real Alternative 1.60 --> “C:\Programy\Real Alternative\unins000.exe” RealSpeak PL - Dual demo - loader --> C:\Programy\ivo\RealLoader\Uninstal.exe Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe” -l0x15 -removeonly REALTEK PCIE NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\SETUP.EXE” -l0x15 REMOVE Rich Video Codec v1.6 --> C:\Program Files\RichVideoCodec\Uninstall.exe RocketDock 1.3.0 --> “C:\Programy\RocketDock\unins000.exe” Rysunek 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{711A5001-913E-4555-9F0B-64E2C541B946}\Setup.exe” -l0x15 -uninst Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for Step By Step Interactive Training (KB898458) --> Security Update for Step By Step Interactive Training (KB923723) --> “C:\WINDOWS$NtUninstallKB923723$\spuninst\spuninst.exe” Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sp5 --> MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C} Sp5Intl --> MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD} Sp5TTInt --> MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124} SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} SpCommon --> MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5} SpPhones --> MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991} Spybot - Search & Destroy 1.4 --> “C:\Programy\Spybot - Search & Destroy\unins000.exe” StyleXP (remove only) --> “C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe” SubEdit-Player --> “C:\Programy\SubEdit-Player\unins000.exe” Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} Synaptics Pointing Device Driver --> rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe THE SETTLERS - Rise of an Empire --> “C:\Program Files\InstallShield Installation Information{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe” -runfromtemp -l0x0009 -removeonly ToCA Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe” -l0x15 -removeonly Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb943559) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6} Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS$NtUninstallKB900325$\spuninst\spuninst.exe VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VNC Free Edition 4.1.2 --> “C:\Programy\VNC4\unins000.exe” Winamp (remove only) --> “C:\Programy\Winamp\UninstWA.exe” Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows XP Media Center Edition 2005 KB888316 --> Windows XP Media Center Edition 2005 KB890629 --> Windows XP Media Center Edition 2005 KB890760 --> Windows XP Media Center Edition 2005 KB895198 --> Windows XP Media Center Edition 2005 KB895678 --> Windows XP Media Center Edition 2005 KB911061 --> Windows XP Media Center Edition 2005 KB919803 --> “C:\WINDOWS$NtUninstallKB919803$\spuninst\spuninst.exe” WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe” -l0x9 Wireless Console 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe” -l0x9 -removeonly XP Codec Pack --> C:\Programy\XP Codec Pack\Uninstall.exe – Application Event Log ------------------------------------------------------- Event Record #/Type3871 / Warning Event Submitted/Written: 11/18/2007 10:20:35 PM Event ID/Source: 1524 / Userenv Event Description: System Windows nie może zwolnić pliku rejestru klas - plik jest ciągle używany przez inną aplikację lub usługę. Plik zostanie zwolniony, gdy nie będzie używany. Event Record #/Type3838 / Warning Event Submitted/Written: 11/18/2007 02:04:14 PM Event ID/Source: 1524 / Userenv Event Description: System Windows nie może zwolnić pliku rejestru klas - plik jest ciągle używany przez inną aplikację lub usługę. Plik zostanie zwolniony, gdy nie będzie używany. Event Record #/Type3825 / Warning Event Submitted/Written: 11/18/2007 01:35:33 PM Event ID/Source: 1524 / Userenv Event Description: System Windows nie może zwolnić pliku rejestru klas - plik jest ciągle używany przez inną aplikację lub usługę. Plik zostanie zwolniony, gdy nie będzie używany. Event Record #/Type3802 / Error Event Submitted/Written: 11/18/2007 11:26:44 AM Event ID/Source: 1 / nview_info Event Description: NVIEW : regsvr32: Mutex Recovery Code - after process f70 detached, mutex recovered. NView (and Mutexes) are now enabled again. Event Record #/Type3801 / Error Event Submitted/Written: 11/18/2007 11:24:45 AM Event ID/Source: 1 / nview_info Event Description: NVIEW : ashDisp: Mutex Recovery on THREAD_DETACH! - Info:PID:d44, TID:174c, Name:C:\Programy\AVAST4~1.7\ashDisp.exe - NView (and Mutexes) are now enabled again. – Security Event Log ---------------------------------------------------------- No Errors/Warnings found. – System Event Log ------------------------------------------------------------ Event Record #/Type8179 / Warning Event Submitted/Written: 11/18/2007 10:48:31 PM Event ID/Source: 3004 / WinDefend Event Description: %YOUR-75CCFF0D7C27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-75CCFF0D7C27 can’t undo changes that you allow. For more information please see the following: %YOUR-75CCFF0D7C275 Scan ID: {DB1EB790-BC57-4254-8DA8-7E6FDA6DF1BA} User: YOUR-75CCFF0D7C\Aleksander Name: %YOUR-75CCFF0D7C271 ID: %YOUR-75CCFF0D7C272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %YOUR-75CCFF0D7C276 Alert Type: %YOUR-75CCFF0D7C278 Detection Type: 1.1.1593.02 Event Record #/Type8178 / Warning Event Submitted/Written: 11/18/2007 10:48:31 PM Event ID/Source: 3004 / WinDefend Event Description: %YOUR-75CCFF0D7C27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-75CCFF0D7C27 can’t undo changes that you allow. For more information please see the following: %YOUR-75CCFF0D7C275 Scan ID: {B5758A91-230B-4ED9-BFFD-0DCBB2BED782} User: YOUR-75CCFF0D7C\Aleksander Name: %YOUR-75CCFF0D7C271 ID: %YOUR-75CCFF0D7C272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %YOUR-75CCFF0D7C276 Alert Type: %YOUR-75CCFF0D7C278 Detection Type: 1.1.1593.02 Event Record #/Type8177 / Warning Event Submitted/Written: 11/18/2007 10:48:31 PM Event ID/Source: 3004 / WinDefend Event Description: %YOUR-75CCFF0D7C27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-75CCFF0D7C27 can’t undo changes that you allow. For more information please see the following: %YOUR-75CCFF0D7C275 Scan ID: {40A4D3D3-4560-47FA-B5D4-611CBFA1D4A3} User: YOUR-75CCFF0D7C\Aleksander Name: %YOUR-75CCFF0D7C271 ID: %YOUR-75CCFF0D7C272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %YOUR-75CCFF0D7C276 Alert Type: %YOUR-75CCFF0D7C278 Detection Type: 1.1.1593.02 Event Record #/Type8176 / Warning Event Submitted/Written: 11/18/2007 10:48:31 PM Event ID/Source: 3004 / WinDefend Event Description: %YOUR-75CCFF0D7C27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-75CCFF0D7C27 can’t undo changes that you allow. For more information please see the following: %YOUR-75CCFF0D7C275 Scan ID: {EFC76BE1-5450-4B79-BD80-A88FA11C1F57} User: YOUR-75CCFF0D7C\Aleksander Name: %YOUR-75CCFF0D7C271 ID: %YOUR-75CCFF0D7C272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %YOUR-75CCFF0D7C276 Alert Type: %YOUR-75CCFF0D7C278 Detection Type: 1.1.1593.02 Event Record #/Type8175 / Warning Event Submitted/Written: 11/18/2007 10:48:30 PM Event ID/Source: 3004 / WinDefend Event Description: %YOUR-75CCFF0D7C27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-75CCFF0D7C27 can’t undo changes that you allow. For more information please see the following: %YOUR-75CCFF0D7C275 Scan ID: {D4A44720-D265-48B8-B703-63E1E6A80C85} User: YOUR-75CCFF0D7C\Aleksander Name: %YOUR-75CCFF0D7C271 ID: %YOUR-75CCFF0D7C272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %YOUR-75CCFF0D7C276 Alert Type: %YOUR-75CCFF0D7C278 Detection Type: 1.1.1593.02 – End of Deckard’s System Scanner: finished at 2007-11-18 22:48:56 ------------