Virus TR/small.ahvm

OTL logfile created on: 2011-03-05 11:57:44 - Run 1

OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\kasia\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70,00 Gb Total Space | 5,62 Gb Free Space | 8,02% Space Free | Partition Type: NTFS

Drive J: | 145,00 Gb Total Space | 2,64 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive K: | 125,75 Gb Total Space | 37,93 Gb Free Space | 30,16% Space Free | Partition Type: NTFS

Drive M: | 125,00 Gb Total Space | 5,13 Gb Free Space | 4,10% Space Free | Partition Type: NTFS


Computer Name: KASIA-DEE0A85AF | User Name: kasia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2011-03-05 11:54:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kasia\Pulpit\OTL_3.2.22.2(dobreprogramy.pl).exe

PRC - [2011-03-04 12:27:54 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-10-25 08:14:01 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010-05-05 16:02:16 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe

PRC - [2010-04-08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

PRC - [2010-04-08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

PRC - [2010-04-08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

PRC - [2010-02-01 22:32:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010-02-01 22:32:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2009-12-22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe

PRC - [2009-12-08 22:01:03 | 000,470,785 | ---- | M] (Avira GmbH) -- c:\Program Files\Avira\AntiVir Desktop\avcenter.exe

PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-04-23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008-08-04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008-04-01 02:54:06 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe

PRC - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe

PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



========== Modules (SafeList) ==========


MOD - [2011-03-05 11:54:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kasia\Pulpit\OTL_3.2.22.2(dobreprogramy.pl).exe

MOD - [2010-05-05 16:02:16 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll

MOD - [2006-07-11 17:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2011-01-06 12:08:57 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)

SRV - [2010-04-08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)

SRV - [2010-04-08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)

SRV - [2010-04-08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)

SRV - [2009-12-22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)

SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)



========== Driver Services (SafeList) ==========


DRV - [2011-03-05 08:44:51 | 000,053,760 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\aixyh.sys -- (rbvcyzaiq)

DRV - [2010-11-02 14:18:33 | 000,096,200 | ---- | M] (CyberDefender Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAVFS.sys -- (CDAVFS)

DRV - [2010-06-26 12:14:14 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010-06-26 12:14:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010-03-30 19:00:22 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2010-02-24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2009-12-08 22:01:03 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-10-17 11:17:34 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-05-22 16:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009-05-20 07:00:50 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2006-01-04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005-12-22 11:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005-12-22 11:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005-12-22 11:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005-08-30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2005-08-30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2005-08-30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2005-04-14 02:00:00 | 000,138,112 | R--- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0090Vid.sys -- (V0090VID)

DRV - [2004-11-29 19:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004-11-25 17:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2004-10-28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004-08-03 22:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.pl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-515967899-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=CYB4DF&PC=CYB4&q="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019

FF - prefs.js..extensions.enabledItems: SignPlugin@bph.pl:1.4.0.3

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0

FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&apn_uid=5C95F878-7187-44B9-BCF2-D190CC0233E6&apn_ptnrs=UG&apn_sauid=CCF2682B-D375-47A1-A0C3-C52D9DFED797&apn_dtid=&q="


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-03 12:14:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-11-02 14:20:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010-11-02 14:20:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-04 12:28:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-04 12:28:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-03-17 20:02:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-05-08 13:31:28 | 000,000,000 | ---D | M]


[2009-11-20 21:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Extensions

[2011-03-05 11:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions

[2009-10-07 12:28:10 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2010-09-02 10:37:23 | 000,000,000 | ---D | M] (Babylon-English Toolbar) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}

[2010-03-27 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}chrome

[2009-11-26 19:30:12 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\DTToolbar@toolbarnet.com

[2010-09-02 10:38:07 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\ffxtlbr@Facemoods.com

[2010-11-30 18:33:58 | 000,000,000 | ---D | M] (BPH Sign Plugin) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\SignPlugin@bph.pl

[2010-10-17 16:05:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\extensions\toolbar@ask.com

[2011-03-04 19:32:34 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\askcom.xml

[2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\BearShareWebSearch.xml

[2010-11-04 20:30:22 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\bing.xml

[2009-10-17 11:19:22 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\daemon-search.xml

[2009-10-28 19:45:10 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\MyStart Search.xml

[2009-10-07 12:28:14 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\kasia\Dane aplikacji\Mozilla\Firefox\Profiles\u3n0sbtu.default\searchplugins\winamp-search.xml

[2011-03-05 11:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-05-07 16:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-04-03 12:14:57 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

[2009-11-12 14:59:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009-08-31 13:09:14 | 000,677,368 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBREAKOUT.dll

[2010-05-18 13:39:58 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2009-08-31 13:54:30 | 000,882,176 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPDARTS.dll

[2010-04-12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-09-18 15:43:32 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2009-08-31 13:10:50 | 000,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMARBLES.dll

[2009-08-31 13:09:54 | 000,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll

[2009-08-31 13:11:06 | 000,669,176 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPWORDS.dll

[2009-08-31 13:11:12 | 000,587,280 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll

[2010-10-21 18:31:15 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-09-02 10:37:20 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2009-12-03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

[2010-10-21 18:31:15 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-03-28 17:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchFxt.xml

[2010-10-21 18:31:15 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-10-21 18:31:15 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-10-21 18:31:15 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-10-21 18:31:15 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2001-10-26 14:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (Groove GFS Browser Helper) - {29367E05-5D08-3EE3-5148-6501355D7EAC} - File not found

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr1.dll (Conduit Ltd.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\tbgr1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-515967899-2000478354-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)

O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [ALLUpdate] File not found

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [ares] File not found

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [NordBull] File not found

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [PopRock] File not found

O4 - HKU\S-1-5-21-515967899-2000478354-839522115-1003..\Run: [Software Informer] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()

O4 - Startup: C:\Documents and Settings\kasia\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-515967899-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\kasia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\kasia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-07 10:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2\{63f9f67e-72f7-11df-8e43-0023ee02bf5a}\Shell\AutoRun\command - "" = O:\12gn6id2.exe

O33 - MountPoints2\{63f9f67e-72f7-11df-8e43-0023ee02bf5a}\Shell\open\Command - "" = O:\12gn6id2.exe

O33 - MountPoints2\{8fef76a7-4bde-11df-8d73-0023ee02bf5a}\Shell\AutoRun\command - "" = O:\ysyjq1bs.exe

O33 - MountPoints2\{8fef76a7-4bde-11df-8d73-0023ee02bf5a}\Shell\open\Command - "" = O:\ysyjq1bs.exe

O33 - MountPoints2\{fc9d16ca-c4b7-11de-8a99-0023ee02bf5a}\Shell\AutoRun\command - "" = p.exe

O33 - MountPoints2\{fc9d16ca-c4b7-11de-8a99-0023ee02bf5a}\Shell\open\Command - "" = p.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


File not found -- C:\Documents and Settings\kasia\Pulpit\3996462.

File not found -- C:\Documents and Settings\kasia\Pulpit\2539370.

File not found -- C:\Documents and Settings\kasia\Pulpit\1655191.

[2011-03-05 11:54:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kasia\Pulpit\OTL_3.2.22.2(dobreprogramy.pl).exe

[2011-03-04 21:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\Nowy folder

[2011-03-04 21:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\resztaa

[2011-03-04 16:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\Romantik

[2011-03-04 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\dla madzi

[2011-03-03 21:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Menu Start\Programy\Frogger 2 - Swampy's Revenge

[2011-03-02 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\Nowy folder (3)

[2011-02-27 20:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\Nowy folder (2)

[2011-02-27 20:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\VEVO Steps (When Thugs Cry)

[2011-02-27 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\VEVO Steps (They Don't Give About Us)

[2011-02-26 12:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\wilkstepowy

[2011-02-25 11:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\na praktyki

[2011-02-23 16:01:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Futuremark

[2011-02-23 16:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark

[2011-02-23 16:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Futuremark

[2011-02-21 18:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\stepmania

[2011-02-20 11:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Pulpit\gra

[2011-02-18 15:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Moje dokumenty\StarCraft II

[2011-02-18 15:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\StarCraft II

[2011-02-18 15:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2011-02-18 15:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment

[2011-02-16 20:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Black & White 2

[2011-02-16 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios

[2011-02-16 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Dane aplikacji\NVIDIA

[2011-02-15 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation

[2011-02-15 18:02:00 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll

[2011-02-15 18:02:00 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll

[2011-02-15 18:02:00 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll

[2011-02-15 18:02:00 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll

[2011-02-15 18:01:59 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll

[2011-02-15 18:01:31 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011-02-15 17:31:38 | 124,405,528 | ---- | C] (NVIDIA Corporation) -- C:\Documents and Settings\kasia\Pulpit\266.58_desktop_winxp_32bit_international_whql.exe

[2011-02-14 20:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Dane aplikacji\Dying for Daylight Shared

[2011-02-14 20:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kasia\Dane aplikacji\Dying for Daylight

[2011-02-14 20:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Dying for Daylight

[2010-04-20 14:11:51 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


========== Files - Modified Within 30 Days ==========


File not found -- C:\Documents and Settings\kasia\Pulpit\3996462.

File not found -- C:\Documents and Settings\kasia\Pulpit\2539370.

File not found -- C:\Documents and Settings\kasia\Pulpit\1655191.

[2011-03-05 12:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2011-03-05 12:00:00 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2011-03-05 11:54:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kasia\Pulpit\OTL_3.2.22.2(dobreprogramy.pl).exe

[2011-03-05 11:34:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011-03-05 11:34:23 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011-03-05 11:34:02 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\dll.dll

[2011-03-05 11:34:02 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat

[2011-03-05 11:34:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-03-05 08:44:51 | 000,053,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aixyh.sys

[2011-03-05 08:31:34 | 000,296,072 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll

[2011-03-04 21:19:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-03-04 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011-03-04 20:17:22 | 000,163,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys

[2011-03-04 20:16:59 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\cryptnet32.dll

[2011-03-03 21:22:15 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Frogger 2 - Swampy's Revenge.lnk

[2011-03-03 21:11:53 | 046,183,057 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Frogger 2 - Swampy's Revenge.exe

[2011-03-02 20:33:35 | 000,246,487 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Nachteile.jpg

[2011-03-02 20:32:54 | 000,253,451 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Vorteile.jpg

[2011-03-02 20:18:22 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2011-03-02 20:17:29 | 000,410,011 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\perfumy fm 001.jpg

[2011-03-02 20:15:54 | 000,433,725 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\perfumy fm.jpg

[2011-03-02 16:38:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011-03-01 20:39:58 | 000,009,083 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\mity.gif

[2011-03-01 20:17:43 | 000,079,852 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\2010_09_01.jpg

[2011-03-01 20:14:32 | 000,089,284 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\aberglaube.jpg

[2011-03-01 19:33:39 | 000,501,504 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2011-03-01 19:33:39 | 000,442,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011-03-01 19:33:39 | 000,089,502 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2011-03-01 19:33:39 | 000,071,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011-03-01 19:32:45 | 000,007,323 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\qcpmpjzonw.zip

[2011-02-27 21:04:43 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-02-27 20:06:19 | 041,306,156 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Nena - 99 red ballons.mp3 [mp3].wav

[2011-02-27 20:01:08 | 005,974,016 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Nena - 99 red ballons.mp3 [mp3].mp3

[2011-02-25 15:08:21 | 000,810,369 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Hesse Hermann - Wilk Stepowy.pdf

[2011-02-25 14:10:01 | 001,222,758 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\plan.jpg

[2011-02-25 13:54:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2011-02-23 16:01:48 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\3DMark03.lnk

[2011-02-23 13:20:18 | 000,196,613 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\3b.jpg

[2011-02-23 13:19:57 | 000,205,971 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\3a.jpg

[2011-02-18 15:26:24 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\StarCraft II.lnk

[2011-02-16 17:13:55 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011-02-16 17:13:55 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011-02-16 17:13:27 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011-02-15 18:03:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2011-02-15 18:02:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk

[2011-02-15 18:00:49 | 124,405,528 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\kasia\Pulpit\266.58_desktop_winxp_32bit_international_whql.exe

[2011-02-15 16:50:19 | 000,211,251 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011-02-14 20:55:00 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\kasia\Pulpit\Charlaine Harris Dying for Daylight BFG.lnk

[2011-02-12 09:20:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2011-03-05 08:31:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dll.dll

[2011-03-04 23:05:06 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat

[2011-03-04 20:17:21 | 000,163,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys

[2011-03-04 20:17:16 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aixyh.sys

[2011-03-04 20:16:59 | 000,296,072 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll

[2011-03-04 20:16:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll

[2011-03-03 21:22:15 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Frogger 2 - Swampy's Revenge.lnk

[2011-03-03 20:58:45 | 046,183,057 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Frogger 2 - Swampy's Revenge.exe

[2011-03-02 20:33:15 | 000,246,487 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Nachteile.jpg

[2011-03-02 20:32:30 | 000,253,451 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Vorteile.jpg

[2011-03-02 20:17:08 | 000,410,011 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\perfumy fm 001.jpg

[2011-03-02 20:15:25 | 000,433,725 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\perfumy fm.jpg

[2011-03-01 20:39:58 | 000,009,083 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\mity.gif

[2011-03-01 20:17:43 | 000,079,852 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\2010_09_01.jpg

[2011-03-01 20:14:32 | 000,089,284 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\aberglaube.jpg

[2011-03-01 19:32:45 | 000,007,323 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\qcpmpjzonw.zip

[2011-02-27 20:06:17 | 041,306,156 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Nena - 99 red ballons.mp3 [mp3].wav

[2011-02-27 19:59:14 | 005,974,016 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Nena - 99 red ballons.mp3 [mp3].mp3

[2011-02-25 15:08:16 | 000,810,369 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Hesse Hermann - Wilk Stepowy.pdf

[2011-02-25 14:10:01 | 001,222,758 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\plan.jpg

[2011-02-23 16:01:48 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\3DMark03.lnk

[2011-02-23 16:01:37 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2011-02-23 13:20:18 | 000,196,613 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\3b.jpg

[2011-02-23 13:19:57 | 000,205,971 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\3a.jpg

[2011-02-18 15:16:50 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\StarCraft II.lnk

[2011-02-15 18:02:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011-02-15 18:02:13 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011-02-15 18:02:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011-02-15 18:02:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk

[2011-02-15 18:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011-02-15 18:02:00 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb

[2011-02-14 20:55:00 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\kasia\Pulpit\Charlaine Harris Dying for Daylight BFG.lnk

[2011-01-23 12:19:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010-09-27 08:04:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-08-26 15:33:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-08-26 15:33:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010-08-26 15:33:42 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-08-26 15:33:42 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-08-26 15:33:42 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-06-26 12:14:14 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010-06-26 12:14:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010-05-03 21:00:48 | 000,001,593 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2010-05-01 17:36:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\AVUNTOOL.EXE

[2010-04-03 12:25:42 | 000,000,524 | ---- | C] () -- C:\WINDOWS\hpomdl45.dat.temp

[2010-04-03 12:08:30 | 000,172,819 | ---- | C] () -- C:\WINDOWS\hpoins45.dat

[2010-04-03 12:08:30 | 000,000,524 | ---- | C] () -- C:\WINDOWS\hpomdl45.dat

[2010-03-07 20:29:02 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2010-02-15 16:03:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010-01-28 19:12:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kasia\Dane aplikacji\AVSMediaPlayer.m3u

[2010-01-16 14:04:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-12-27 23:04:39 | 000,001,270 | ---- | C] () -- C:\WINDOWS\kaillera.ini

[2009-12-24 11:25:02 | 000,173,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2009-11-14 19:18:55 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\TXTUSER.EXE

[2009-11-02 20:57:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1037709799.bin

[2009-11-01 20:37:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2009-11-01 20:35:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009-10-19 12:46:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009-10-09 17:03:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-10-09 16:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009-10-08 20:06:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009-10-07 14:50:48 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-10-07 12:29:39 | 000,001,174 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2009-10-07 12:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009-10-07 12:00:34 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-10-07 11:59:32 | 000,323,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-10-07 10:21:03 | 000,030,059 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009-10-07 10:19:21 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009-10-07 10:19:15 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2009-10-07 10:19:11 | 000,021,891 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009-10-07 10:19:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009-10-07 10:12:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009-10-07 10:07:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004-08-03 23:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001-10-26 15:15:16 | 000,501,504 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2001-10-26 15:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2001-10-26 15:15:16 | 000,089,502 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2001-10-26 15:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2001-08-23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001-08-23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001-08-17 20:30:24 | 000,442,204 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001-08-17 20:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001-08-17 20:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001-08-17 20:30:22 | 000,071,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001-08-17 20:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001-07-21 21:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001-07-21 21:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001-07-21 21:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5B43B7AD


< End of report >

Please check the log :D

In OTL, in the Custom Scans-Fixes window (custom scan options/script), paste the following script:

Click Run Fix (execute the script). Confirm the computer restart.

Then make a new OTL log using the Run Scan option.

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

Paste it at http://www.wklej.org/

:slight_smile:

This is the second log, extras.txt

OTL Extras logfile created on: 2011-03-05 11:57:44 - Run 1

OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\kasia\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70,00 Gb Total Space | 5,62 Gb Free Space | 8,02% Space Free | Partition Type: NTFS

Drive J: | 145,00 Gb Total Space | 2,64 Gb Free Space | 1,82% Space Free | Partition Type: NTFS

Drive K: | 125,75 Gb Total Space | 37,93 Gb Free Space | 30,16% Space Free | Partition Type: NTFS

Drive M: | 125,00 Gb Total Space | 5,13 Gb Free Space | 4,10% Space Free | Partition Type: NTFS


Computer Name: KASIA-DEE0A85AF | User Name: kasia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l


[HKEY_USERS\S-1-5-21-515967899-2000478354-839522115-1003\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Przeglądaj w XnView] -- "C:\Program Files\XnView\xnview.exe" "%1"

Directory [Unstopcp] -- "C:\Program Files\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[color=#E56717]========== System Restore Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


[color=#E56717]========== Firewall Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1040:TCP" = 1040:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (Gadu-Gadu S.A.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail

"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail

"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Disabled:Gadu-Gadu 10 -- (GG Network S.A.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"K:\Victoria 2 (2010) -SKIDROW\PDFReader_Setup.exe" = K:\Victoria 2 (2010) -SKIDROW\PDFReader_Setup.exe:*:Enabled:PDF Reader 9.1

"C:\Documents and Settings\kasia\Ustawienia lokalne\Temp\is799009782\AInstaller.exe" = C:\Documents and Settings\kasia\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\CyberDefender\AntiSpyware\cdas896.exe" = C:\Program Files\CyberDefender\AntiSpyware\cdas896.exe:*:Enabled:CyberDefender Internet Security

"K:\StarCraft II\StarCraft II.exe" = K:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Documents and Settings\kasia\Pulpit\ChampionsOnlineF2P.exe" = C:\Documents and Settings\kasia\Pulpit\ChampionsOnlineF2P.exe:*:Enabled:ChampionsOnlineF2P



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B35D4FD-AB46-42AE-813A-E8AA81DE67D3}" = Farm Frenzy - Gone Fishing

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1

"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1

"{6372F44B-392B-4FD8-AF1E-E185283F6528}" = DJ_AIO_06_K209a-z_SW_Min

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92C7D009-A464-4948-A980-7A3E28CB2F49}" = Richard Burns Rally

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver

"{9EBE0B76-9FE4-47CD-9C18-02B7C9B61D2A}" = Duży słownik multimedialny polsko-niemiecki

"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B01E1F18-E453-4B6B-BD2E-8F2F6CCFEBF5}" = Samsung PC Studio 3

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B54583DB-9624-4399-987C-1C6E929161E0}" = Duży słownik multimedialny niemiecko-polski

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}" = OpenOffice.org 3.2

"{DA95E878-B181-4366-A433-6145592707A8}" = SweetIM for Messenger 3.1

"{DB982BEA-E9FF-4C61-9058-57FFDA5076D1}" = HP Deskjet Ink Advant K209a-z All-in-One Driver Software 13.0 Rel .6

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform

"{EE51AA68-7BF9-4FB3-9BB4-57CCD2C7EFFA}" = K209a-z

"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"ALLPlayer_is1" = ALLPlayer V4.X

"ALUpdate_is1" = ALTools Update

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Campfire LedgendsJust For Fun Games" = Campfire LedgendsJust For Fun Games

"Campfire Legends 2 The Babysitter 1.00" = Campfire Legends 2 The Babysitter 1.00

"CASHFLOW® 202 THE E-GAME" = CASHFLOW® 202 THE E-GAME

"CASHFLOW® THE E-GAME" = CASHFLOW® THE E-GAME

"Charlaine Harris Dying for Daylight 1.00" = Charlaine Harris Dying for Daylight 1.00

"Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)

"CSI Kryminalne zagadki Miami" = CSI Kryminalne zagadki Miami

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"ENTERPRISE" = Microsoft Office Enterprise 2007

"facemoods" = facemoods

"Farm Frenzy" = Farm Frenzy

"Frogger 2: Swampy's Revenge" = Frogger 2: Swampy's Revenge

"Gadu-Gadu" = Gadu-Gadu 7.7

"Gadu-Gadu 10" = Gadu-Gadu 10

"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker

"GoldWave v5.58" = GoldWave v5.58

"Google Chrome" = Google Chrome

"Gray Matter_is1" = Gray Matter

"gry Toolbar" = gry Toolbar

"hotpot_is1" = HotPotatoes v 6.3.0.3

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"Kalendarz XP" = Kalendarz XP v29.85

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)

"Komputerowy Słownik Niemiecko-Polski_is1" = Komputerowy Słownik Niemiecko-Polski 0.7.8

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)

"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)

"MP3Producer" = MP3Producer

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Odlotowa farma" = Odlotowa farma

"OpenAL" = OpenAL

"Opera 11.01.1190" = Opera 11.01

"Orb" = Winamp Remote

"Pity 2009_is1" = Pity 2009

"Pool Hall Pro" = Pool Hall Pro

"Profesor Klaus 5.0 - Gramatyka_is1" = Profesor Klaus 5.0 - Gramatyka

"Profesor Klaus 5.0 - Rozumienie ze słuchu i Konwersacje_is1" = Profesor Klaus 5.0 - Rozumienie ze słuchu i Konwersacje

"Profesor Klaus 5.0 - Słownictwo_is1" = Profesor Klaus 5.0 - Słownictwo

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"QuickTime" = QuickTime

"RealAlt_is1" = Real Alternative 2.0.2

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Shop for HP Supplies" = Shop for HP Supplies

"StarCraft II" = StarCraft II

"Übungsblätter per Mausklick" = Übungsblätter per Mausklick

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.0.1

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = Archiwizator WinRAR

"Worms Reloaded_is1" = Worms Reloaded

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2011-02-16 10:02:56 | Computer Name = KASIA-DEE0A85AF | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd farmfrenzy3_arctica.exe, wersja 0.5.0.0,

 moduł powodujący błąd farmfrenzy3_arctica.exe, wersja 0.5.0.0, adres błędu 0x001fcdd6.


Error - 2011-02-20 11:17:58 | Computer Name = KASIA-DEE0A85AF | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-02-23 04:22:09 | Computer Name = KASIA-DEE0A85AF | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd farmfrenzygonefishing.exe, wersja 0.5.0.0,

 moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x43633a3a.


Error - 2011-02-23 05:52:35 | Computer Name = KASIA-DEE0A85AF | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd farmfrenzy3_arctica.exe, wersja 0.5.0.0,

 moduł powodujący błąd farmfrenzy3_arctica.exe, wersja 0.5.0.0, adres błędu 0x001fcdd6.


Error - 2011-02-27 14:43:28 | Computer Name = KASIA-DEE0A85AF | Source = ESENT | ID = 490

Description = svchost (1412) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 

(0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany

 przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032

 (0xfffffbf8).


Error - 2011-02-27 14:43:28 | Computer Name = KASIA-DEE0A85AF | Source = ESENT | ID = 470

Description = Catalog Database (1412) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

 jest częściowo dołączona. Etap dołączania: 3. Błąd: -1032.


Error - 2011-02-28 10:47:42 | Computer Name = KASIA-DEE0A85AF | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca nero.exe, wersja 6.6.0.17, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-03-01 15:54:14 | Computer Name = KASIA-DEE0A85AF | Source = ESENT | ID = 490

Description = svchost (1148) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

 w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 

(0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany

 przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032

 (0xfffffbf8).


Error - 2011-03-02 13:37:06 | Computer Name = KASIA-DEE0A85AF | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 4.1.6.5, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-03-03 16:28:25 | Computer Name = KASIA-DEE0A85AF | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd frogger2.exe, wersja 1.0.0.1, moduł powodujący

 błąd ggwhook.dll, wersja 7.6.0.1578, adres błędu 0x00008458.


[System Events]

Error - 2011-03-03 18:16:55 | Computer Name = KASIA-DEE0A85AF | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 82.139.36.252 dla karty sieciowej o adresie 0023EE02BF5A

 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat 

DHCPNACK).


Error - 2011-03-03 18:17:12 | Computer Name = KASIA-DEE0A85AF | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 192.168.100.2 dla karty sieciowej o adresie 0023EE02BF5A

 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat 

DHCPNACK).


Error - 2011-03-03 18:17:12 | Computer Name = KASIA-DEE0A85AF | Source = ipnathlp | ID = 32003

Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji

przez

 moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji,

 niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu.


Error - 2011-03-04 07:23:03 | Computer Name = KASIA-DEE0A85AF | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 82.139.36.252 dla karty sieciowej o adresie 0023EE02BF5A

 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat 

DHCPNACK).


Error - 2011-03-04 07:23:41 | Computer Name = KASIA-DEE0A85AF | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 192.168.100.2 dla karty sieciowej o adresie 0023EE02BF5A

 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat 

DHCPNACK).


Error - 2011-03-04 07:23:42 | Computer Name = KASIA-DEE0A85AF | Source = ipnathlp | ID = 32003

Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji

przez

 moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji,

 niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu.


Error - 2011-03-04 18:05:10 | Computer Name = KASIA-DEE0A85AF | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

 z usługą Avira AntiVir Guard.


Error - 2011-03-04 18:05:10 | Computer Name = KASIA-DEE0A85AF | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Avira AntiVir Guard z powodu następującego

 błędu: %%1053


Error - 2011-03-05 03:31:31 | Computer Name = KASIA-DEE0A85AF | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

 z usługą Avira AntiVir Guard.


Error - 2011-03-05 03:31:31 | Computer Name = KASIA-DEE0A85AF | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Avira AntiVir Guard z powodu następującego

 błędu: %%1053



< End of report >

LOG Malwarebytes’ Anti-Malware 1.50.1.1100

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org


Wersja bazy: 5962


Windows 5.1.2600 Dodatek Service Pack 2

Internet Explorer 6.0.2900.2180


2011-03-05 13:03:51

mbam-log-2011-03-05 (13-03-46).txt


Typ skanowania: Pełne skanowanie (C:\|J:\|K:\|M:\|)

Przeskanowano obiektów: 279557

Upłynęło: 42 minut(y), 39 sekund(y)


Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 1

Zainfekowanych kluczy rejestru: 3

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 10


Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych modułów w pamięci:

c:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> No action taken.


Zainfekowanych kluczy rejestru:

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.


Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock (Trojan.Downloader) -> Value: PopRock -> No action taken.


Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)


Zainfekowanych folderów:

(Nie znaleziono zagrożeń)


Zainfekowanych plików:

c:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> No action taken.

c:\documents and settings\kasia\ustawienia lokalne\Temp\_2DB.tmp (Trojan.Dropper) -> No action taken.

c:\program files\playlogic\poolhallpro\dvm.dll (VirTool.Obfuscator) -> No action taken.

c:\system volume information\_restore{4cc7f074-3d5f-44e0-baa2-d98e08745c20}\rp302\a0166892.dll (Trojan.Agent) -> No action taken.

c:\system volume information\_restore{4cc7f074-3d5f-44e0-baa2-d98e08745c20}\rp302\a0166921.dll (Trojan.Agent) -> No action taken.

k:\Bilard\pool.hall.pro-reloaded.p24\Crack\dvm.dll (VirTool.Obfuscator) -> No action taken.

c:\WINDOWS\system32\crt.dat (Malware.Trace) -> No action taken.

c:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.

c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> No action taken.

c:\WINDOWS\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> No action taken.

Yes, I added them, maybe that changes something :slight_smile: if so, I'm pasting them now as you wrote.

I don't know, maybe I should use the remove option and Malwarebytes will handle it, what do you think? And the file with the crack probably doesn't matter, or should I throw it out too??

And who was I writing that to?

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

[-X

OK, it won't happen again :smiley: but to continue, does it change anything - the additional logs??

Remove what MBAM found

Apply the script I gave you

Show the removal log after the restart

Then run a new scan and show the log

:slight_smile:

Removal log after the restart

http://www.wklej.org/id/487162/

New scan from OTL

http://www.wklej.org/id/487174/

The log looks clean

Download CCleaner http://www.filehippo.com/download_ccleaner/

Scan with it and clean the registry.

Optimize startup

http://www.bezpieczenstwosystemow.pl/in … opic=116.0

In OTL click CleanUp (Sprzątanie)

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

Scan with

Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html

Install SP3

and

Internet Explorer 8 http://www.microsoft.com/windows/intern … sites.aspx

:slight_smile:

In CCleaner there is a Registry tab, and it found a lot of problems there. What is this about and what should I do with it, should I choose fix selected issues???

I don't get this optimization, how am I supposed to do it :stuck_out_tongue: can't it be simpler, heh? Besides, not all the screenshots are available, so I don't know exactly what to do and how…

What is turning System Restore off and on for??

Yes

Start >> Run >> msconfig >> OK >> Startup tab, select what you don't need during system startup >> disable

:slight_smile:

Avira detected

when I started downloading

but I deleted it. I hope it's not possible that something is wrong with that site

Added 05.03.2011 (Sat) 15:19

Check for me once more, if you can, whether it's OK now

http://wklej.org/id/487230/

Before Dr.WEB CureIt! it said to turn off System Restore

What is this log for?

I already wrote that it's clean

Thanks for the help :slight_smile: clean =D>