Please check my log and help :)
NIuniaM

Posted: 2011-01-20, 17:08   Please check my log and help :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:31, on 2011-01-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Odkurzacz\odkurzacz.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Search - ?s=100000336&p=ZRfox000&si=&a=C46EZTVCHvgDqN2EJC6p3w&n=2010033016
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.c...b?1135291517906
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.c...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABE4826C-D17A-499F-9417-84E6562B70C5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6365 bytes



Symptoms of infection:

At first, for about a week, I tried to fight a redirecting virus in the browser on Google, using in turn: avast free trial - nothing, then eset online scanner and free trial - nothing, then spybot - nothing; every time I restarted the computer, exactly the same thing happened. In an act of desperation I downloaded something called tdss remover or similar, and that completely bogged down my computer. Now when I want to download any program, it cancels the download, and it deletes whatever I do manage to download from the folder I download to. I don't know whether this is the work of Spybot, which doesn't allow anything to be downloaded automatically, or not. I removed all the antivirus programs using their uninstall option. I think there are still leftovers of all this somewhere. The only programs left on the computer are HijackThis and Odkurzacz. Please help.

Regards, and thank you
 
   
@Blade@ 

Helped: 8 times
Posted: 2011-01-20, 18:12

HijackThis is an outdated tool and we won't accomplish anything with it here. Post the logs from OTL and GMER.
 
   
NIuniaM

Posted: 2011-01-20, 18:40

Hi,

I've read the previous posts and I know that's what I should do, but every time I try to download another program the download gets cancelled; if I retry the download, it does download, but as soon as the download finishes the file is automatically deleted from the folder. I don't know what to do, I think the only thing left for me is a format. :(
All I have left is Odkurzacz and nothing else.

[ Added: 2011-01-20, 19:08 ]
I think it's the effect of SpyBot, because it has that "immunize" feature and that's probably when it happened, and since I removed it I can't do anything about it now. Of course, I may be wrong. In any case, regardless of whether it's through IE or Mozilla, I always have the same problem downloading other programs. I don't have a problem downloading pictures etc., though. Any ideas?
 
   
@Blade@ 

Helped: 8 times
Posted: 2011-01-20, 19:10

Then try downloading these tools in Safe Mode with Networking, or download them on another computer and transfer them to this one, because with HijackThis and Odkurzacz we won't get anything done here.
 
   
NIuniaM

Posted: 2011-01-20, 19:20

OK, BRB.
 
   
NiuniaM
Guest
Posted: 2011-01-20, 21:04

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-20 20:03:20
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD600VE-00HDT0 rev.09.07D09
Running: gmer.exe; Driver: C:\DOCUME~1\Roman\USTAWI~1\Temp\pxrdqpoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 011EB1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 011EBF35
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!send 71A54C27 5 Bytes JMP 011EBC3D
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 011EBE4E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 011EB0E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!recv 71A5676F 2 Bytes JMP 011EBCE3
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!recv + 3 71A56772 2 Bytes [79, 8F] {JNS 0xffffffffffffff91}
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 011EBD8D
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 011EB56A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 011EC1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 011EC6DD
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 011EC0D6
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 011EC5F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 011ECA94
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 011ECB5E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 011EB645
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 011EC510
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 011EC34C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 011EBFC3
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 011EC270
.text C:\Program Files\Mozilla Firefox\firefox.exe[1756] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 011EC428

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000093 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000094 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Threads - GMER 1.0.15 ----

Thread System [4:5960] EBDA8600
Thread System [4:5956] EBDA72A0
Thread System [4:5952] EBDA5D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 86797

---- EOF - GMER 1.0.15 ----
 
   
NIuniaM

Posted: 2011-01-20, 21:34

OTL Extras logfile created on: 2011-01-20 20:08:44 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = H:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 5,76 Gb Free Space | 14,75% Space Free | Partition Type: NTFS
Drive E: | 16,82 Gb Total Space | 14,51 Gb Free Space | 86,27% Space Free | Partition Type: NTFS
Drive H: | 983,72 Mb Total Space | 983,14 Mb Free Space | 99,94% Space Free | Partition Type: FAT

Computer Name: NATALIA | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 48

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe" = C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe:*:Disabled:hpgs2wnf Module
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\Program Files\Microsoft Office\Office\1045\WFXMSRVR.EXE" = C:\Program Files\Microsoft Office\Office\1045\WFXMSRVR.EXE:*:Enabled:WFXMSRVR -- ()
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" = C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:*:Enabled:HP Framework Component Manager Service
"C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe" = C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe:*:Disabled:HP Task Management Component
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice
"C:\Call of Duty 2\CoD2MP_s.exe" = C:\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"C:\Program Files\LowRateVoip\LowRateVoip.exe" = C:\Program Files\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Roman\Moje dokumenty\Pobieranie\Shockwave_Installer_Slim.exe" = C:\Documents and Settings\Roman\Moje dokumenty\Pobieranie\Shockwave_Installer_Slim.exe:*:Enabled:Shockwave_Installer_Slim.exe
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe" = C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Disabled:avast! Antivirus
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\DOCUME~1\Roman\USTAWI~1\Temp\0.47825559204136914.exe" = [String data over 1000 bytes]
"C:\Program Files\EDIMAX\Common\RaUI.exe" = C:\Program Files\EDIMAX\Common\RaUI.exe:*:Enabled:Wireless Utility
"C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 -- (Adobe Systems Incorporated)
"C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe" = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe:*:Enabled:802.11b+g USB Wireless LAN Utility
"C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe" = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe:*:Enabled:Belkin Wireless USB Utility -- (Belkin Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""SubEdit-Player + CodecPack"" = "SubEdit-Player + CodecPack"
"{00020415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{3C216C29-D74B-4ACF-852A-82C4F3EED2F7}" = Copy
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software (plk)
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.3 - Polish
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Dysk wspomnieniowy HP
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D4C963-742C-46BF-BC7A-16ADD39FF3B7}" = Destinations
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozszerzenie HighMAT do Kreatora zapisywania dysku CD w systemie Microsoft Windows XP
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIDA32_is1" = AIDA32 v3.93
"ALLPlayer V2.4_is1" = ALLPlayer V2.4
"Caesar 3" = Caesar 3
"CM" = CM
"DevalVR for Netscape" = DevalVR plugin for Netscape and compatible browsers
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hospital" = Theme Hospital
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"Intelligent Web Reader" = Intelligent Web Reader
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"Odkurzacz 12.5_is1" = Odkurzacz 12.5
"PowerISO" = PowerISO
"RSPCA Rabbits_is1" = RSPCA Rabbits
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-01-18 12:38:50 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-18 14:33:24 | Computer Name = NATALIA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd belkinwcui.exe, wersja 1.0.0.27, moduł powodujący
błąd blkwcapizu.dll, wersja 1.0.0.5, adres błędu 0x0000851c.

Error - 2011-01-18 14:35:37 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-18 14:36:12 | Computer Name = NATALIA | Source = Application Hang | ID = 1001
Description = Pakiet błędów 1116954496.

Error - 2011-01-19 12:52:58 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-19 21:15:59 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca odk_mpf.exe, wersja 2.5.0.13, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-19 21:20:27 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-19 21:20:30 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-19 21:20:30 | Computer Name = NATALIA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SpybotSD.exe, wersja 1.6.2.46, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-19 21:54:00 | Computer Name = NATALIA | Source = MsiInstaller | ID = 11905
Description = Produkt: Jupiter 2008 Standard -- Błąd 1905. Nie można wyrejestrować
modułu C:\Program Files\Elfin\Jupiter 2008 Standard\MotorX.ocx. HRESULT -2147220472.
Skontaktuj się z personelem obsługi technicznej. .

[ System Events ]
Error - 2011-01-19 21:51:57 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-01-19 21:51:57 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-01-19 21:51:58 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-01-19 22:00:05 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-19 22:21:23 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-19 23:17:27 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-20 09:07:23 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-20 11:12:33 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-20 11:24:11 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%2

Error - 2011-01-20 14:53:20 | Computer Name = NATALIA | Source = Service Control Manager | ID = 7011
Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji
z usługi Dnscache.


< End of report >

OTL logfile created on: 2011-01-20 20:08:44 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = H:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 5,76 Gb Free Space | 14,75% Space Free | Partition Type: NTFS
Drive E: | 16,82 Gb Total Space | 14,51 Gb Free Space | 86,27% Space Free | Partition Type: NTFS
Drive H: | 983,72 Mb Total Space | 983,14 Mb Free Space | 99,94% Space Free | Partition Type: FAT

Computer Name: NATALIA | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-01-20 18:52:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.com
PRC - [2010-11-08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Roman\Ustawienia lokalne\Temp\gmer.exe
PRC - [2010-04-16 06:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-04-01 18:05:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-15 16:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008-04-14 17:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-17 21:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007-04-10 21:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005-11-22 20:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005-10-11 11:54:48 | 000,339,968 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
PRC - [2004-10-08 06:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010-04-16 06:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007-08-28 17:56:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-05-17 21:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005-11-22 20:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005-10-06 17:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2009-01-13 16:56:50 | 000,340,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2008-11-02 08:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-07-28 16:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008-04-13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 18:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-10 21:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006-08-16 15:29:33 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005-11-18 08:44:04 | 000,390,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd) USB PC Camera (SN9C102)
DRV - [2005-11-09 17:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005-07-01 11:22:00 | 000,339,072 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005-01-28 09:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-12-20 07:10:14 | 001,271,463 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004-11-29 18:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004-11-29 14:53:18 | 000,258,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004-11-25 16:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004-10-28 10:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004-10-24 20:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004-10-15 06:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-10-08 06:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004-09-16 11:26:40 | 000,012,634 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AdfuUd.sys -- (AdfuUd)
DRV - [2004-08-04 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-06-30 12:54:04 | 000,019,200 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDBRGSYS.sys -- (ZDBRGSYS)
DRV - [2004-01-14 10:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-343818398-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.autoconfig_url: "http://www.2bg.am.poznan.pl/proxy.pac"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-11 12:37:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-16 00:02:31 | 000,000,000 | ---D | M]

[2009-05-22 20:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Extensions
[2011-01-20 03:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Firefox\Profiles\uwuwgd3o.default\extensions
[2010-05-14 23:22:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Firefox\Profiles\uwuwgd3o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-01-16 21:53:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Firefox\Profiles\uwuwgd3o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-12-28 12:18:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Firefox\Profiles\uwuwgd3o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010-12-28 12:18:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Roman\Dane aplikacji\Mozilla\Firefox\Profiles\uwuwgd3o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-01-20 15:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-16 09:24:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-18 15:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-10-16 09:24:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-03-08 21:12:34 | 000,726,112 | ---- | M] (www.devalvr.com) -- C:\Program Files\Mozilla Firefox\plugins\npdevalvr.dll
[2010-04-01 17:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-01 17:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-01 17:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-01 17:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-01 17:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 17:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-01-20 02:18:26 | 000,427,928 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14760 more lines...
O3 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-854245398-725345543-1004..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..Trusted Domains: gmer.net ([www] https in Lokalny intranet)
O15 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..Trusted Domains: mks.com.pl ([www] https in Lokalny intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.c...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.c...b?1135291517906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.c...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Roman\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roman\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-12-22 22:22:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{00d014c7-9e04-11dd-9128-00120e2a8780}\Shell - "" = AutoRun
O33 - MountPoints2\{8823fd09-ad1b-11db-902c-0040d080ba09}\Shell\AutoRun\command - "" = G:\s.exe
O33 - MountPoints2\{8823fd09-ad1b-11db-902c-0040d080ba09}\Shell\open\Command - "" = G:\s.exe
O33 - MountPoints2\{b42cd28c-3f98-11dc-905f-0040d080ba09}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{b42cd28c-3f98-11dc-905f-0040d080ba09}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{bde1629b-5831-11de-9163-001f1f02b26c}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{bde1629b-5831-11de-9163-001f1f02b26c}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{c829af77-e5ca-11dd-913e-001f1f02b26c}\Shell\AutoRun\command - "" = G:\eyt.exe
O33 - MountPoints2\{c829af77-e5ca-11dd-913e-001f1f02b26c}\Shell\open\Command - "" = G:\eyt.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-20 02:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-01-20 02:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2011-01-20 01:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Dane aplikacji\Leadertech
[2011-01-18 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Moje dokumenty\moje
[2011-01-16 21:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2011-01-12 13:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TypingMaster
[2011-01-11 15:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Dane aplikacji\TypingMaster7
[2011-01-11 14:44:57 | 000,000,000 | R--D | C] -- C:\Program Files\TypingMaster
[2007-07-31 19:17:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2007-07-31 19:17:48 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2007-07-31 19:17:48 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2006-04-29 04:07:48 | 000,290,816 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.WMPLib.dll
[2004-11-24 18:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1999-05-17 12:58:52 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998-12-09 01:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998-12-09 01:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998-12-09 01:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998-12-09 01:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998-12-09 01:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-20 19:36:02 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-20 15:56:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-01-20 15:22:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-20 15:22:42 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-20 15:22:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\RNAOMZ.job
[2011-01-20 15:22:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-20 03:15:57 | 001,440,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-20 03:14:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2011-01-20 02:18:26 | 000,427,928 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-01-19 17:15:15 | 000,427,928 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110120-021826.backup
[2011-01-19 14:59:23 | 000,427,928 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110119-171514.backup
[2011-01-16 21:19:23 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Roman\Pulpit\Menedżer Rejestru.lnk
[2011-01-16 21:19:22 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Roman\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-01-16 21:19:22 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Roman\Pulpit\Monitor Porzuconych Folderów.lnk
[2011-01-16 21:19:21 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Roman\Pulpit\Odkurzacz.lnk
[2011-01-12 14:46:46 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\Roman\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-12 03:35:42 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-01-11 17:09:30 | 000,120,832 | RHS- | M] () -- C:\WINDOWS\System32\sysocmgrw.dll
[2011-01-08 15:48:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-01-08 15:48:23 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdw.DAT
[2011-01-08 15:32:30 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-16 21:19:23 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Roman\Pulpit\Menedżer Rejestru.lnk
[2011-01-16 21:19:22 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Roman\Pulpit\Monitor Porzuconych Folderów.lnk
[2011-01-16 21:19:21 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Roman\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-01-16 21:19:20 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Roman\Pulpit\Odkurzacz.lnk
[2011-01-11 17:09:30 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\sysocmgrw.dll
[2011-01-11 17:09:30 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\RNAOMZ.job
[2010-11-01 13:27:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010-04-26 20:07:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010-04-14 07:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010-04-14 06:13:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Vocals
[2010-04-14 06:13:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Roman\Dane aplikacji\User Loops
[2010-04-14 06:13:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT
[2010-04-14 06:05:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Widgets
[2010-04-14 06:05:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Roman\Dane aplikacji\Utilities
[2010-04-14 06:05:47 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdw.DAT
[2008-10-27 08:38:10 | 001,348,370 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2008-10-08 21:37:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008-03-20 16:10:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008-03-11 17:41:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2007-09-28 16:07:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-09-28 16:05:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007-09-23 10:51:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007-09-19 15:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\syswinf32.dll
[2007-09-17 20:29:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysdatcth32.dll
[2007-08-15 11:17:23 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2007-07-31 22:01:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2007-07-31 19:17:56 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2007-07-31 19:17:52 | 000,390,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2006-12-19 10:16:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006-08-05 19:03:49 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\Roman\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-05-27 15:17:21 | 000,000,223 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006-04-20 07:44:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-04-15 17:07:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006-04-05 09:17:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006-02-25 15:46:04 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006-01-06 16:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2005-12-25 14:13:30 | 000,000,277 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2005-12-25 13:54:12 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Roman\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005-12-25 13:41:35 | 000,007,329 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2005-12-23 11:17:47 | 000,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-12-23 11:17:46 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005-12-23 11:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005-12-22 23:11:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005-12-22 22:35:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005-07-11 21:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004-10-12 05:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004-10-12 05:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004-10-12 05:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004-10-09 05:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004-10-05 07:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004-10-03 16:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004-09-16 11:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\AdfuUd.sys
[2004-09-16 11:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004-01-01 23:28:29 | 000,000,085 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
[2004-01-01 23:28:13 | 000,000,320 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2004-01-01 22:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll
[2004-01-01 22:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll
[2004-01-01 22:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll
[2004-01-01 22:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll
[2004-01-01 22:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll
[2004-01-01 22:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll
[2004-01-01 22:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll
[2004-01-01 22:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll
[2004-01-01 22:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll
[2004-01-01 22:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll
[2004-01-01 22:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll
[2004-01-01 22:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll
[2004-01-01 22:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll
[2004-01-01 22:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll
[2004-01-01 22:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll
[2004-01-01 22:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll
[2004-01-01 22:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll
[2004-01-01 22:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll
[2004-01-01 22:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll
[2004-01-01 22:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll
[2004-01-01 22:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll
[2004-01-01 22:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll
[2004-01-01 22:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll
[2004-01-01 22:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll
[2004-01-01 22:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll
[2004-01-01 22:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll
[2004-01-01 22:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll
[2004-01-01 22:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll
[2004-01-01 22:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll
[2004-01-01 22:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll
[2004-01-01 22:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll
[2004-01-01 22:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll
[2004-01-01 22:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll
[2004-01-01 22:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll
[2004-01-01 22:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll
[2004-01-01 22:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll
[2004-01-01 22:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll
[1996-04-03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010-04-01 09:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2011-01-09 20:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2007-10-09 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
[2010-04-14 06:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Dialogs
[2010-04-14 05:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Driver Whiz
[2010-04-14 06:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Echo
[2010-04-14 06:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EnterNHelp
[2007-08-16 20:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-04-14 06:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nikon
[2010-04-14 04:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters Inc
[2010-04-14 06:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ultima_T15
[2010-06-02 10:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-07-16 17:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Folder przesyłania Share-to-Web
[2010-11-01 13:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\.minecraft
[2011-01-16 21:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\.minecraft server
[2009-07-06 19:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Azureus
[2010-11-01 13:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\custom textures
[2010-10-25 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\DigiCel
[2010-04-14 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\GetRightToGo
[2006-01-17 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\InterVideo
[2011-01-20 01:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Leadertech
[2009-06-24 12:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\LowRateVoip
[2010-04-14 06:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Nikon
[2010-12-06 02:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Spotify
[2010-10-31 21:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Tunngle
[2011-01-12 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\TypingMaster7
[2010-08-11 12:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Dane aplikacji\Zoner
[2011-01-20 15:22:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\RNAOMZ.job

========== Purity Check ==========



< End of report >
 
   
@Blade@ 

Helped: 8 times
Posted: 2011-01-20, 22:26   

Run OTL -> in the "Custom scan options/script" box (Własne opcje skanowania/skrypt) paste:
Quote:
:OTL
O3 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-854245398-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O33 - MountPoints2\{00d014c7-9e04-11dd-9128-00120e2a8780}\Shell - "" = AutoRun
O33 - MountPoints2\{8823fd09-ad1b-11db-902c-0040d080ba09}\Shell\AutoRun\command - "" = G:\s.exe
O33 - MountPoints2\{8823fd09-ad1b-11db-902c-0040d080ba09}\Shell\open\Command - "" = G:\s.exe
O33 - MountPoints2\{b42cd28c-3f98-11dc-905f-0040d080ba09}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{b42cd28c-3f98-11dc-905f-0040d080ba09}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{bde1629b-5831-11de-9163-001f1f02b26c}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{bde1629b-5831-11de-9163-001f1f02b26c}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe
O33 - MountPoints2\{c829af77-e5ca-11dd-913e-001f1f02b26c}\Shell\AutoRun\command - "" = G:\eyt.exe
O33 - MountPoints2\{c829af77-e5ca-11dd-913e-001f1f02b26c}\Shell\open\Command - "" = G:\eyt.exe
[1999-05-17 12:58:52 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998-12-09 01:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998-12-09 01:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998-12-09 01:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998-12-09 01:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998-12-09 01:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[2011-01-20 15:22:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\RNAOMZ.job
[2011-01-11 17:09:30 | 000,120,832 | RHS- | M] () -- C:\WINDOWS\System32\sysocmgrw.dll

:Files
c:\windows\system32\mcenspc.dll

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:Commands
[emptytemp]

Click "Run script" (Wykonaj skrypt). Post the removal log + new OTL logs.

Run a full scan with Malwarebytes' Anti-Malware - if it finds anything, remove it and post the report.
_________________
 
   
NIuniaM

Posted: 2011-01-21, 02:26   

http://wklej.eu/index.php?id=9f801cdb3d
 
   
NuniaM
Guest
Posted: 2011-01-21, 16:25   

Here is the LOG FROM MALWAREBYTES ANTI...

http://wklej.eu/index.php?id=c9d7c6242c

THERE WERE A FEW TROJANS AND OTHER THINGS, 14 IN TOTAL, I REMOVED EVERYTHING.

DOES THIS MEAN THE PROBLEM IS SOLVED?
SHOULD I INSTALL E.G. KASPERSKY (a friend has a disc from a magazine)?
should I uninstall this Malwarebytes program or keep it?
which program is the best and where can I download it?
and anyway, thank you very, very much for taking the time to help me :)

:)
 
   
@Blade@ 

Helped: 8 times
Posted: 2011-01-21, 16:32   

OK, nothing else is visible.

In OTL click "Cleanup" (Sprzątanie).

Quote:
DOES THIS MEAN THE PROBLEM IS SOLVED?

You should answer that question yourself, because I don't know whether the problem has gone away. What was visibly malicious I put up for removal, and that's it.

Quote:
SHOULD I INSTALL E.G. KASPERSKY (a friend has a disc from a magazine)?

You ought to install some antivirus, because you don't have anything like that. That Kaspersky from the magazine is probably a trial version, so it won't protect you for very long; you would have to buy a license. If not, use some free solution.

Quote:
should I uninstall this Malwarebytes program or keep it?

You can keep it, it's a very good scanner. You can scan the computer with it from time to time. I would even replace Spybot with it, whose glory days are already over.
_________________
 
   
NiuniaM
Guest
Posted: 2011-01-21, 16:45   

The same problem is still there, I can't download anything. :(
 
   
NiuniaM
Guest
Posted: 2011-01-21, 16:53   

OK, or maybe one of the programs removed the virus and some function along with it, and now every download of an antivirus or a program ends up being cancelled? I just don't know anymore.
 
   
NIuniaM
Guest
Posted: 2011-01-21, 16:55   

or maybe I should write out which processes are running now, or is that pointless?
 
   
@Blade@ 

Helped: 8 times
Posted: 2011-01-21, 20:14   

Check whether the problem occurs in Safe Mode with Networking.
_________________
 
   