Wirus z facebooka + prośba o sprawdzenie loga

[Lape]

Chodzi zapewne o nvsvc32.exe. Czytałam już na kilku stronach w jaki sposób można by pozbyć się tego wirusa, jednak wciąż nie jest to dla mnie zrozumiałe tak do końca. Nie mam kogo poprosić o realną pomoc, dlatego też piszę tutaj. Główne objawy to strasznie zamulony internet (oglądanie filmów stało się niemożliwe), wyłączające się automatyczne aktualizacje, wyskakiwanie okienka z błędem nvsvc32.exe. Czytałam, że dobrze byłoby zeskanować kompa Malwarem i tak też zrobiłam. Od kilku lat używam Avasta i skanuję system co jakiś czas, jednak nie wykrył już dawno żadnych wirusów (co mnie cieszyło). Jakie jednak było moje zdziwienie, gdy po szybkim przeskanowaniu Malwarem wykryto ok. 120 zarażonych plików Nie jestem pewna, czy wszystkie te pliki mogę usunąć, czy nie, dlatego też proszę o pomoc w tej sprawie. Wklejam log, jednak proszę o zrozumienie i wyrozumiałość, jeżeli nie będzie to takie jak powinno. Piszę na tym forum po raz pierwszy, a samo odkrycie czym w ogóle jest ten wymagany tutaj "log" zajęło mi chwilę czasu...

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 5363

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2011-01-10 17:42:35
mbam-log-2011-01-10 (17-42-21).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 158739
Upłynęło: 10 minut(y), 59 sekund(y)

Zainfekowanych procesów w pamięci: 1
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 58
Zainfekowanych wartości rejestru: 8
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 31
Zainfekowanych plików: 26

Zainfekowanych procesów w pamięci:
c:\WINNT\nvsvc32.exe (Backdoor.Bot) -> 3608 -> No action taken.

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> No action taken.

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Bot) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Bot) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Malware.Trace) -> Value: NVIDIA driver monitor -> No action taken.

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
c:\documents and settings\Korppi\dane aplikacji\shoppingreport (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\res2 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\db (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\report (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> No action taken.
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\shoppingreport (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport\Bin\2.5.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> No action taken.
c:\program files\shoppingreport2\Bin\2.7.27 (Adware.ShoppingReport2) -> No action taken.

Zainfekowanych plików:
c:\WINNT\nvsvc32.exe (Backdoor.Bot) -> No action taken.
c:\program files\shoppingreport2\Bin\2.7.27\shoppingreport.dll (Adware.SmartShopper) -> No action taken.
c:\documents and settings\Korppi\Pulpit\facebook-pic000163927.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\dwld\whitelist.xip (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport\cs\res2\whitelist.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\oem\dane aplikacji\shoppingreport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> No action taken.
c:\documents and settings\Korppi\dane aplikacji\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> No action taken.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\shoppingreport\Uninst.exe (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport\Bin\2.5.0\shoppingreport.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> No action taken.

[wojtas]

usuń co znalazł ten program...
potem dopiero wstaw wymagane logi ( 2 z OTL + Gmer -> tam masz opisane co i jak )

[Lape]

Nie mogę zrobić loga z Gmera, ponieważ gdy rozpoczynam skanowanie, po jakimś czasie wyskakuje okienko z błędem i informacją, że aplikacja musi zostać zamknięta, po czym komputer sam się restartuje. Po ponownym starcie systemu pojawia się jeszcze informacja o tym, że system został przywrócony po poważnym błędzie.
Wstawiam więc logi z OTL:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2011-01-11 22:26:32 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Documents and Settings\Korppi\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 389,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 110,65 Gb Free Space | 74,24% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,77 Gb Free Space | 39,76% Space Free | Partition Type: NTFS
Drive E: | 86,36 Gb Total Space | 37,87 Gb Free Space | 43,86% Space Free | Partition Type: FAT32
Drive F: | 83,98 Gb Total Space | 31,82 Gb Free Space | 37,89% Space Free | Partition Type: FAT32

Computer Name: OEM-C38F3E6B353 | User Name: Korppi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\eMule2\emule.exe" = F:\eMule2\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found
"G:\eMule\emule.exe" = G:\eMule\emule.exe:*:Enabled:eMule -- File not found
"F:\Program Files\Last.fm\LastFM.exe" = F:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"F:\eMule48\eMule\emule.exe" = F:\eMule48\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"E:\Gry\Infogrames\Grand Prix 4\GP4.exe" = E:\Gry\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4 -- ()
"C:\WINNT\system32\dplaysvr.exe" = C:\WINNT\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Aspyr\Guitar Hero III\GH3.exe" = C:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III -- (Aspyr Media, Inc.)
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta -- (GG Network S.A.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"F:\eMule48\eMule_new\emule.exe" = F:\eMule48\eMule_new\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"E:\Pinnacle\VideoSpin\Programs\RM.exe" = E:\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"E:\Pinnacle\VideoSpin\Programs\umi.exe" = E:\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Canon\DV Messenger\DV Messenger.exe" = C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:DV Messenger -- (Canon Inc.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found
"C:\Documents and Settings\Korppi\Pulpit\facebook-pic000163927.exe" = c:\winnt\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{01D8CA8B-3F5F-4590-A0F3-36373BE97866}_is1" = Testy B
"{0867A478-1095-4CF5-9B8D-4F7E5F05D5BB}" = CANON USB Video Driver
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.7.0.0.mf01
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Rezydencje i ogrody Akcesoria
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2B04D44F-1D1B-4E0E-8431-D04F87C21045}" = Nero 7 Essentials
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}" = Ulead Video ToolBox Basic
"{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}" = NVIDIA PhysX v8.07.18
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™  2 Zwierzaki
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A147CB0-022B-429B-AAB8-91E8354DD31E}" = OpenOffice.ux.pl 2.0.4
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Młodzieżowy styl Akcesoria
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kuchnia i łazienka Wystrój wnętrz Akcesoria
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Rozrywka rodzinna - Akcesoria
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2  IKEA® urządza dom Akcesoria
"{6E6BAE07-9086-4E06-A097-749E3CA67197}_is1" = The Rasmus Player
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Nowoczesny apartament Akcesoria
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Własny biznes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 Moda z H&M® Akcesoria
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 Czas wolny
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Kariera
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Szyk i elegancja - Akcesoria
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter i Zakon Feniksa™
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Osiedlowe życie
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C219D284-F161-4731-AC0E-D89814ACEABE}" = DV Network Software
"{C64121E9-B741-4177-00BD-7B228D3F6723}" = F1 2002
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DD4371B0-D2F6-11D7-BDC4-220000000000}" = Translatica Premium
"{DEDFC926-4E85-438A-ABD3-D1B84568D022}" = Windows Messenger 5.1
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Cztery pory roku
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Impreza! Akcesoria
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Podróże
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nocne życie
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter i Książę Półkrwi™
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = ABIT uGuru
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"4Media MP4 to MP3 Converter" = 4Media MP4 to MP3 Converter 6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem  (02/15/2007 3.1)
"Belarc Advisor" = Belarc Advisor 7.2
"CANONBJ_Deinstall_CNMCP2t.DLL" = S800
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem  (05/24/2007 6.84.0.1)
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"DreamWorks Interactive: Neverhood" = The Neverhood
"EADM" = EA Download Manager
"Earthworm Jim 3D" = Earthworm Jim 3D
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESKK MemoPlus_is1" = ESKK MemoPlus Demo 1.0
"ffdshow" = ffdshow
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"GameDesire-Bingo" = GameDesire-Bingo
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Updater" = Aktualizator Google
"InstallShield_{0867A478-1095-4CF5-9B8D-4F7E5F05D5BB}" = CANON USB Video Driver
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{C219D284-F161-4731-AC0E-D89814ACEABE}" = DV Network Software
"ipla" = ipla 2.1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.77 Full
"LastFM_is1" = Last.fm 1.5.4.27091
"LetsFun FLV Converter_is1" = LetsFun FLV Converter V6.1
"Luxor 3" = Luxor 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"NeostradaTP.exe" = Neostrada TP
"Nokia PC Suite" = Nokia PC Suite
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"Odlotowa farma" = Odlotowa farma
"PokerStars" = PokerStars
"RealAlt_is1" = Real Alternative 2.0.1
"Re-Volt_is1" = Re-Volt - www.classic-gaming.net
"rFactor" = rFactor (remove only)
"Ricochet Lost Worlds_is1" = Ricochet Lost Worlds
"rosyjski_pig_3_2_is1" = Rosyjski w pigułce część 2
"rosyjski_pig_3_is1" = Rosyjski w pigułce część 1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Wygaszacz Zegar_is1" = Wygaszacz Zegar
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2009-12-31 14:23:32 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\PC Connectivity Solution\NclInstaller.exe failed, 0000A420. 

Error - 2009-12-31 14:23:32 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\SYSTEM32\NEWDEV.DLL failed, 0000A420. 

Error - 2009-12-31 14:23:32 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\SYSTEM32\CREDUI.DLL failed, 0000A420. 

Error - 2009-12-31 14:23:33 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\Prefetch\NCLINSTALLER.EXE-35BFFB75.pf failed, 0000A420. 

Error - 2009-12-31 14:23:33 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\system32\KBDPL1.DLL failed, 0000A420. 

Error - 2009-12-31 14:23:33 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\system32\KBDPL.DLL failed, 0000A420. 

Error - 2009-12-31 14:23:33 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\system32\KBDUS.DLL failed, 0000A420. 

Error - 2009-12-31 14:23:33 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\Resources\themes\Luna\Luna.msstyles failed, 0000A420. 

Error - 2009-12-31 14:23:34 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINNT\system32\wuaueng.dll.mui failed, 0000A420. 

Error - 2010-03-02 07:29:27 | Computer Name = OEM-C38F3E6B353 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://s255.chomikuj.pl/File.aspx?id=92382476&vid=94191242&tk=1528291&t=634031252312962939&d=70&k=1316285&name=Prawo+Jazdy.iso
failed, 00000084. 

[ Application Events ]
Error - 2011-01-01 09:36:29 | Computer Name = OEM-C38F3E6B353 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-06 11:29:08 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-07 13:00:58 | Computer Name = OEM-C38F3E6B353 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-07 13:32:35 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-07 18:33:59 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-08 10:08:11 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-09 08:48:43 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-10 13:15:28 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nvsvc32.exe, wersja 0.0.0.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00028c0b.

Error - 2011-01-10 19:09:14 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3989,
moduł powodujący błąd xul.dll, wersja 1.9.2.3989, adres błędu 0x0043f48d.

Error - 2011-01-11 17:00:51 | Computer Name = OEM-C38F3E6B353 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd 58jgjps9.exe, wersja 1.0.15.15530, moduł
powodujący błąd 58jgjps9.exe, wersja 1.0.15.15530, adres błędu 0x0000c551.

[ OSession Events ]
Error - 2008-04-29 11:22:53 | Computer Name = OEM-C38F3E6B353 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6666
seconds with 3180 seconds of active time.  This session ended with a crash.

Error - 2009-07-06 16:52:38 | Computer Name = OEM-C38F3E6B353 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2011-01-11 17:03:37 | Computer Name = OEM-C38F3E6B353 | Source = System Error | ID = 1003
Description = Kod błędu 10000050, parametr 1 e2acf000, parametr 2 00000000, parametr
3 8052ba48, parametr 4 00000001.


< End of report >

Kod: Zaznacz wszystko

OTL logfile created on: 2011-01-11 22:26:32 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Documents and Settings\Korppi\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 389,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 110,65 Gb Free Space | 74,24% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,77 Gb Free Space | 39,76% Space Free | Partition Type: NTFS
Drive E: | 86,36 Gb Total Space | 37,87 Gb Free Space | 43,86% Space Free | Partition Type: FAT32
Drive F: | 83,98 Gb Total Space | 31,82 Gb Free Space | 37,89% Space Free | Partition Type: FAT32

Computer Name: OEM-C38F3E6B353 | User Name: Korppi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
PRC - [2010-12-12 22:36:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-12-12 22:36:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-07-12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files\Winamp\winampa.exe
PRC - [2009-11-29 19:33:21 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-09-30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009-03-28 22:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007-06-18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006-12-23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-10-31 12:17:42 | 002,404,352 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 2.0.4\program\soffice.bin
PRC - [2006-10-31 12:17:36 | 002,252,800 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 2.0.4\program\soffice.exe
PRC - [2006-10-11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005-06-02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005-05-04 09:01:36 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINNT\ALCWZRD.EXE
PRC - [2005-05-03 17:43:50 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\SOUNDMAN.EXE
PRC - [2004-04-12 10:14:24 | 001,695,830 | ---- | M] (ABIT Computer Corporation) -- C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
PRC - [2004-04-08 11:19:32 | 000,229,376 | ---- | M] (AIBT Computer Corp.) -- C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
PRC - [2004-01-26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 18:07:12 | 000,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe
PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2003-10-16 18:07:12 | 000,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe
PRC - [2003-10-16 18:07:10 | 000,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe
PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006-10-04 21:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010-03-29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005-06-02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-03-19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-03-19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-02-09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-07-31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008-07-26 05:48:00 | 006,097,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-07-02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005-06-08 15:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-01-07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-10-05 10:39:18 | 000,057,856 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBVCD.sys -- (USBVCD)
DRV - [2004-10-05 10:39:18 | 000,006,528 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\VCIDRV.sys -- (VCIDRV)
DRV - [2004-02-27 10:04:10 | 000,004,608 | ---- | M] (ABIT Computer Corp.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ProcObsrv.sys -- (ProcObsrv)
DRV - [2004-02-26 16:52:22 | 000,010,752 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\uGuru.sys -- (uGuru)
DRV - [2003-12-31 17:53:14 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003-12-08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\alcaudsl.sys -- (alcaudsl)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=011
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:1.1
FF - prefs.js..extensions.enabledItems: fi@dictionaries.addons.mozilla.org:1.0.2.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {D48A12C2-E0F4-4640-8ADE-2DE4959E0F3D}:1.3.3
FF - prefs.js..extensions.enabledItems: {79fcaa13-5f29-4c33-aad7-6c48c175760a}:0.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.3
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010-10-27 21:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010-10-27 21:14:38 | 000,000,000 | ---D | M]

[2008-08-26 21:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Extensions
[2011-01-11 00:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions
[2010-09-22 18:49:20 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-05-03 19:44:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-16 21:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010-12-16 23:38:42 | 000,000,000 | ---D | M] ("Stop Autoplay") -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010-04-16 21:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2010-08-14 17:57:58 | 000,000,000 | ---D | M] (zoomFox) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
[2010-07-17 14:31:52 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-07-25 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010-09-22 18:49:19 | 000,000,000 | ---D | M] (Youtube Tooltip) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{D48A12C2-E0F4-4640-8ADE-2DE4959E0F3D}
[2010-05-03 19:44:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-09-22 18:49:18 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010-07-17 14:01:23 | 000,000,000 | ---D | M] (Suomen kielen oikoluku) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\fi@dictionaries.addons.mozilla.org
[2010-11-11 17:40:26 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\info@djzig.com
[2010-11-12 22:00:05 | 000,000,000 | ---D | M] (qtl) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\qtl.co.il@gmail.com
[2008-02-08 19:26:40 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\aolsearch.xml
[2009-08-19 22:33:57 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\kaannoscom-fi-en.xml
[2010-11-12 22:00:09 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\qtl.xml
[2009-09-05 19:56:25 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\winamp-search.xml
[2009-08-19 22:32:23 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\youtube.xml
[2009-01-17 17:53:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Korppi\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1275210071-789336058-682003330-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINNT\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [ScanSoft OmniPage SE 4.0-reminder] C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Skrót do strony właściwości High Definition Audio] C:\WINNT\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [trioService] C:\PROGRA~1\Freeze.com\Halloween\trioService.exe  File not found
O4 - HKLM..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Korppi\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab (PopCapLoader Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-18 13:18:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-08-30 08:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a2369614-b583-11dd-8093-000e50575c69}\Shell\AutoRun\command - "" = K:\yannh.cmd -- File not found
O33 - MountPoints2\{a2369614-b583-11dd-8093-000e50575c69}\Shell\explore\Command - "" = K:\yannh.cmd -- File not found
O33 - MountPoints2\{a2369614-b583-11dd-8093-000e50575c69}\Shell\open\Command - "" = K:\yannh.cmd -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070282.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070281.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\biooolaa.rar
[2011-01-11 21:18:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
[2011-01-10 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Korppi\Dane aplikacji\Malwarebytes
[2011-01-10 17:29:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011-01-10 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-01-10 17:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-01-10 17:29:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011-01-10 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-09 20:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
[2011-01-09 20:15:10 | 094,943,824 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Korppi\Pulpit\NAV-TW-30-18-5-0-125-PL.exe
[2011-01-06 18:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Korppi\Pulpit\2011_01_06
[2010-12-15 20:29:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndproxy.sys
[2010-12-15 20:18:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wab.exe
[2008-04-22 14:46:35 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070282.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070281.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\biooolaa.rar
[2011-01-11 22:29:05 | 000,001,036 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-11 22:06:34 | 000,493,632 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2011-01-11 22:06:34 | 000,084,916 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2011-01-11 22:06:33 | 001,096,384 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2011-01-11 22:06:33 | 000,435,260 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011-01-11 22:06:33 | 000,068,156 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011-01-11 22:02:33 | 000,000,972 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011-01-11 22:02:29 | 000,194,909 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2011-01-11 22:02:25 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2011-01-11 22:02:20 | 000,001,032 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-11 22:02:19 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2011-01-11 22:02:08 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
[2011-01-11 21:13:52 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\58jgjps9.exe
[2011-01-11 21:12:10 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011-01-11 20:39:05 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Microsoft Office Word 2007.lnk
[2011-01-11 20:23:08 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Korppi\NTUSER.DAT
[2011-01-11 20:22:42 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Korppi\ntuser.ini
[2011-01-10 21:28:53 | 002,944,828 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz2.JPG
[2011-01-10 21:28:43 | 002,960,960 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz1.JPG
[2011-01-10 17:29:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-01-09 20:29:51 | 094,943,824 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Korppi\Pulpit\NAV-TW-30-18-5-0-125-PL.exe
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010-12-18 01:45:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-12-16 23:36:03 | 000,302,032 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010-12-15 23:47:17 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010-12-15 23:20:49 | 003,736,170 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Sonata Arctica - Sing In Silence.mp3
[2010-12-13 22:10:57 | 000,015,539 | ---- | M] () -- C:\Documents and Settings\Korppi\Moje dokumenty\Reaktory jądrowe to urządzenia.docx
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-01-11 21:13:51 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\58jgjps9.exe
[2011-01-10 21:28:09 | 002,944,828 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz2.JPG
[2011-01-10 21:27:58 | 002,960,960 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz1.JPG
[2011-01-10 17:29:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-12-15 23:20:21 | 003,736,170 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Sonata Arctica - Sing In Silence.mp3
[2010-12-13 21:20:27 | 000,015,539 | ---- | C] () -- C:\Documents and Settings\Korppi\Moje dokumenty\Reaktory jądrowe to urządzenia.docx
[2009-06-25 15:41:45 | 000,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2009-06-06 00:37:32 | 000,000,058 | ---- | C] () -- C:\WINNT\wininit.ini
[2009-05-26 23:44:50 | 004,762,112 | ---- | C] () -- C:\WINNT\System32\NCMedia.dll
[2009-05-26 23:44:50 | 000,383,238 | ---- | C] () -- C:\WINNT\System32\libmp3lame-0.dll
[2008-12-03 18:10:29 | 000,081,858 | ---- | C] () -- C:\Documents and Settings\Korppi\Dane aplikacji\NMM-MetaData.db
[2008-11-16 16:56:40 | 000,000,019 | ---- | C] () -- C:\WINNT\SoundConverter.INI
[2008-07-26 05:48:00 | 001,724,416 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2008-07-26 05:48:00 | 001,499,136 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2008-07-26 05:48:00 | 001,101,824 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2008-07-26 05:48:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2008-07-26 05:48:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2008-07-25 17:51:29 | 000,000,000 | ---- | C] () -- C:\WINNT\Wygaszacz Zegar.ini
[2008-06-17 18:16:31 | 000,000,416 | ---- | C] () -- C:\WINNT\MAXLINK.INI
[2008-06-17 17:20:35 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\CNCFLbNL.DLL
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSwedish.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSpanish.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelPortugese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelKorean.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelJapanese.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelGerman.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelFrench.dll
[2008-06-05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINNT\System32\physxcudart_20.dll
[2008-04-16 19:55:01 | 000,000,487 | ---- | C] () -- C:\WINNT\iScreensaver.ini
[2008-03-29 23:06:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2008-03-23 22:53:10 | 000,001,910 | ---- | C] () -- C:\WINNT\bestplayer.ini
[2008-01-18 20:57:14 | 000,000,019 | ---- | C] () -- C:\WINNT\KNP.INI
[2007-11-10 15:02:48 | 000,000,235 | ---- | C] () -- C:\WINNT\disney.ini
[2007-11-10 15:02:35 | 000,000,364 | ---- | C] () -- C:\WINNT\disneysy.ini
[2007-10-20 18:10:32 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2007-10-20 13:48:12 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2007-10-20 13:38:07 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-20 10:38:34 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS2t.DLL
[2007-10-20 10:34:58 | 000,000,374 | ---- | C] () -- C:\WINNT\System32\CNCMFP10.INI
[2007-10-18 23:07:42 | 002,115,446 | -H-- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2007-10-18 22:32:14 | 000,080,424 | ---- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2007-10-18 22:31:36 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Korppi\Dane aplikacji\desktop.ini
[2007-10-18 22:04:10 | 000,005,606 | ---- | C] () -- C:\WINNT\System32\stci.dll
[2007-10-18 15:05:19 | 001,096,384 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup.INI
[2007-10-18 15:05:18 | 000,004,205 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2007-10-18 15:04:30 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2007-10-18 13:58:11 | 000,593,938 | ---- | C] () -- C:\WINNT\System32\x264vfw.dll
[2007-10-18 13:58:10 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2007-10-18 13:58:10 | 000,765,952 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2007-10-18 13:58:10 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2007-10-18 13:30:32 | 000,018,606 | ---- | C] () -- C:\WINNT\System32\FlashMenu.sys
[2007-10-18 13:30:32 | 000,010,414 | ---- | C] () -- C:\WINNT\System32\drivers\FlashMenu.sys
[2007-10-18 13:30:32 | 000,005,960 | ---- | C] () -- C:\WINNT\System32\drivers\HWDRV.SYS
[2007-10-18 13:30:32 | 000,005,018 | ---- | C] () -- C:\WINNT\System32\drivers\HWIOCTL.SYS
[2007-10-18 13:30:32 | 000,004,047 | ---- | C] () -- C:\WINNT\System32\drivers\MEMCTL.SYS
[2007-10-18 13:30:32 | 000,003,548 | ---- | C] () -- C:\WINNT\System32\drivers\WINFLASH.SYS
[2007-10-18 13:30:32 | 000,002,721 | ---- | C] () -- C:\WINNT\System32\drivers\AMINTSYS.SYS
[2007-10-18 13:18:42 | 000,000,000 | ---- | C] () -- C:\WINNT\control.ini
[2007-10-18 13:15:18 | 000,000,037 | ---- | C] () -- C:\WINNT\vbaddin.ini
[2007-10-18 13:15:18 | 000,000,036 | ---- | C] () -- C:\WINNT\vb.ini
[2007-10-18 13:14:35 | 000,026,717 | ---- | C] () -- C:\WINNT\System32\tslabels.ini
[2007-10-18 13:14:33 | 000,003,813 | ---- | C] () -- C:\WINNT\System32\msdtcprf.ini
[2007-03-29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINNT\System32\CddbCdda.dll
[2007-01-26 00:04:12 | 000,138,752 | ---- | C] () -- C:\WINNT\System32\mase32.dll
[2007-01-26 00:04:12 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\ma32.dll
[2005-09-09 11:08:44 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2005-02-24 17:56:45 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2004-08-04 01:44:10 | 000,270,848 | ---- | C] () -- C:\WINNT\System32\sbe.dll
[2004-08-04 01:44:04 | 000,014,336 | ---- | C] () -- C:\WINNT\System32\msdmo.dll
[2004-08-04 01:43:58 | 000,186,880 | ---- | C] () -- C:\WINNT\System32\encdec.dll
[2004-08-04 01:43:56 | 000,253,440 | ---- | C] () -- C:\WINNT\System32\compatui.dll
[2004-08-04 01:43:54 | 000,070,656 | ---- | C] () -- C:\WINNT\System32\amstream.dll
[2004-08-04 01:43:16 | 000,733,696 | ---- | C] () -- C:\WINNT\System32\qedwipes.dll
[2004-08-03 23:46:56 | 000,042,537 | ---- | C] () -- C:\WINNT\System32\keyboard.sys
[2004-08-03 23:45:34 | 000,033,936 | ---- | C] () -- C:\WINNT\System32\ntio.sys
[2004-08-03 23:45:16 | 000,035,424 | ---- | C] () -- C:\WINNT\System32\ntio412.sys
[2004-08-03 23:45:16 | 000,034,560 | ---- | C] () -- C:\WINNT\System32\ntio404.sys
[2004-08-03 23:45:14 | 000,034,560 | ---- | C] () -- C:\WINNT\System32\ntio804.sys
[2004-08-03 23:45:12 | 000,035,648 | ---- | C] () -- C:\WINNT\System32\ntio411.sys
[2004-07-17 12:46:14 | 000,053,478 | ---- | C] () -- C:\WINNT\System32\tcpmon.ini
[2004-07-17 12:34:48 | 000,355,112 | ---- | C] () -- C:\WINNT\System32\msjetoledb40.dll
[2001-10-26 20:29:40 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\scriptpw.dll
[2001-10-26 20:29:32 | 000,199,168 | ---- | C] () -- C:\WINNT\System32\ir32_32.dll
[2001-10-26 20:28:34 | 000,094,282 | ---- | C] () -- C:\WINNT\System32\msencode.dll
[2001-10-26 20:27:02 | 000,015,360 | ---- | C] () -- C:\WINNT\System32\tsd32.dll
[2001-10-26 19:15:04 | 000,027,898 | ---- | C] () -- C:\WINNT\System32\ntdos.sys
[2001-10-26 19:14:52 | 000,004,976 | ---- | C] () -- C:\WINNT\System32\himem.sys
[2001-10-26 19:14:32 | 000,009,043 | ---- | C] () -- C:\WINNT\System32\ansi.sys
[2001-10-26 19:12:52 | 000,000,359 | ---- | C] () -- C:\WINNT\System32\prodspec.ini
[2001-10-26 18:45:26 | 000,016,024 | ---- | C] () -- C:\WINNT\System32\rsvp.ini
[2001-10-26 18:45:26 | 000,006,074 | ---- | C] () -- C:\WINNT\System32\rasctrs.ini
[2001-10-26 18:45:24 | 000,013,819 | ---- | C] () -- C:\WINNT\System32\pschdprf.ini
[2001-10-26 18:42:08 | 000,020,629 | ---- | C] () -- C:\WINNT\System32\mqperf.ini
[2001-10-26 18:42:08 | 000,002,992 | ---- | C] () -- C:\WINNT\System32\perfci.ini
[2001-10-26 18:42:08 | 000,002,890 | ---- | C] () -- C:\WINNT\System32\perfwci.ini
[2001-10-26 18:42:08 | 000,001,295 | ---- | C] () -- C:\WINNT\System32\perffilt.ini
[2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINNT\System32\paqsp.dll
[2001-08-18 00:31:56 | 000,042,809 | ---- | C] () -- C:\WINNT\System32\key01.sys
[2001-08-18 00:31:56 | 000,027,097 | ---- | C] () -- C:\WINNT\System32\country.sys
[2001-08-18 00:31:50 | 000,029,274 | ---- | C] () -- C:\WINNT\System32\ntdos412.sys
[2001-08-18 00:31:46 | 000,029,370 | ---- | C] () -- C:\WINNT\System32\ntdos411.sys
[2001-08-18 00:31:46 | 000,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos404.sys
[2001-08-18 00:31:44 | 000,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos804.sys
[2001-08-18 00:13:24 | 000,002,656 | ---- | C] () -- C:\WINNT\System32\netware.drv
[2001-08-17 22:55:06 | 001,015,477 | ---- | C] () -- C:\WINNT\System32\esentprf.ini
[2001-07-22 05:25:18 | 000,001,405 | ---- | C] () -- C:\WINNT\msdfmap.ini
[2001-07-22 01:16:20 | 000,000,661 | ---- | C] () -- C:\WINNT\win.ini
[2001-07-22 01:15:52 | 000,000,231 | ---- | C] () -- C:\WINNT\system.ini
[2001-07-22 01:15:50 | 000,013,312 | ---- | C] () -- C:\WINNT\System32\win87em.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-04 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2008-06-17 17:20:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2010-04-03 23:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-12-07 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy
[2010-09-01 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2008-04-23 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GoBit Games
[2010-02-12 22:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-12-29 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2008-05-03 23:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2007-11-11 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo
[2010-02-13 16:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2007-11-23 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Oberon Media
[2010-03-26 23:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OdlotowaFarma2
[2010-09-04 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-12-03 17:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2008-05-25 17:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\phenomedia
[2009-09-01 13:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2009-09-01 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle VideoSpin
[2007-10-30 21:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap
[2008-06-17 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2009-07-09 01:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-01 12:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2008-04-22 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2008-11-07 22:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
[2010-06-19 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\4Media
[2011-01-06 18:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Canon
[2008-08-03 22:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Desperate Housewives
[2009-06-06 00:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Disney Interactive Studios
[2010-09-01 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Gadu-Gadu 10
[2010-07-02 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\GanymedeNet
[2010-03-02 13:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\ipla
[2008-04-16 19:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\iScreensaver
[2009-01-23 20:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\MusicIP
[2010-02-18 00:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nokia
[2008-12-03 18:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nokia Multimedia Player
[2010-07-13 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nowe Gadu-Gadu
[2010-09-01 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\OpenFM
[2011-01-11 22:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\OpenOffice.ux.pl2
[2010-08-12 19:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Opera
[2009-01-19 02:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\PC Suite
[2007-10-20 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\poleng
[2008-06-17 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\ScanSoft
[2007-10-20 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\The Rasmus Player
[2008-08-26 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Thunderbird
[2008-12-03 18:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Ulead Systems
[2008-06-17 18:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\Canon
[2009-02-19 23:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\PC Suite
[2008-06-17 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\ScanSoft
[2009-09-01 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\Ulead Systems
[2008-04-22 14:41:59 | 000,000,386 | ---- | M] () -- C:\WINNT\Tasks\rpc.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Korppi\Pulpit\bestplayer1.0.exe:SummaryInformation
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:27EEEB5C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C5A35877
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B285B76

< End of report >

[wojtas]

odinstaluj w panelu sterowania : Winamp Toolbar

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\btnetdrv.sys -- (BT)
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
O4 - HKLM..\Run: [trioService] C:\PROGRA~1\Freeze.com\Halloween\trioService.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Korppi\Pulpit\bestplayer1.0.exe:SummaryInformation
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:27EEEB5C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C5A35877
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B285B76

:Files
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\aolsearch.xm
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\qtl.xml
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\winamp-search.xml

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\eMule2\emule.exe"=-
"C:\Program Files\Gadu-Gadu\gg.exe"=-
"G:\eMule\emule.exe"=-
"C:\Program Files\Winamp Remote\bin\Orb.exe"=-
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=-
"C:\Program Files\Gadu-Gadu 10\gg.exe"=-
"C:\Documents and Settings\Korppi\Pulpit\facebook-pic000163927.exe"=-

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

[Lape]

Po restarcie pojawiło się kilka, konkretnie 5 plików-widmo o rozmiarze 0 bajtów - co to?

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Service VcommMgr stopped successfully!
Service VcommMgr deleted successfully!
File C:\WINNT\System32\Drivers\VcommMgr.sys not found.
Service VComm stopped successfully!
Service VComm deleted successfully!
File C:\WINNT\System32\DRIVERS\VComm.sys not found.
Service BT stopped successfully!
Service BT deleted successfully!
File C:\WINNT\System32\DRIVERS\btnetdrv.sys not found.
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685& removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\trioService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ deleted successfully.
ADS C:\Documents and Settings\Korppi\Pulpit\bestplayer1.0.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:27EEEB5C deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C5A35877 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9B285B76 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
File\Folder C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\aolsearch.xm not found.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\qtl.xml moved successfully.
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\winamp-search.xml moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\eMule2\emule.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gadu-Gadu\gg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\eMule\emule.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gadu-Gadu 10\gg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Korppi\Pulpit\facebook-pic000163927.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Korppi
->Temp folder emptied: 1075985570 bytes
->Temporary Internet Files folder emptied: 121865253 bytes
->Java cache emptied: 50999655 bytes
->FireFox cache emptied: 95460055 bytes
->Opera cache emptied: 6248610 bytes
->Flash cache emptied: 16307324 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5721198 bytes
->Flash cache emptied: 649 bytes

User: Marta

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1718771 bytes

User: oem
->Temp folder emptied: 122569365 bytes
->Temporary Internet Files folder emptied: 2679832 bytes
->FireFox cache emptied: 771320 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31218638 bytes
RecycleBin emptied: 848422396 bytes

Total Files Cleaned = 2 272,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Korppi
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Marta

User: NetworkService

User: oem
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.1 log created on 01122011_181712

Files\Folders moved on Reboot...
File move failed. C:\WINNT\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINNT\temp\Perflib_Perfdata_4e0.dat not found!

Registry entries deleted on Reboot...

Kod: Zaznacz wszystko

OTL logfile created on: 2011-01-12 18:24:51 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Documents and Settings\Korppi\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 476,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,86 Gb Free Space | 77,74% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,77 Gb Free Space | 39,76% Space Free | Partition Type: NTFS
Drive E: | 86,36 Gb Total Space | 37,88 Gb Free Space | 43,86% Space Free | Partition Type: FAT32
Drive F: | 83,98 Gb Total Space | 31,95 Gb Free Space | 38,05% Space Free | Partition Type: FAT32

Computer Name: OEM-C38F3E6B353 | User Name: Korppi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
PRC - [2010-07-12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files\Winamp\winampa.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-09-30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009-03-28 22:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008-04-23 02:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007-06-18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006-12-23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-10-31 12:17:42 | 002,404,352 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 2.0.4\program\soffice.bin
PRC - [2006-10-31 12:17:36 | 002,252,800 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 2.0.4\program\soffice.exe
PRC - [2006-10-11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005-06-02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005-05-04 09:01:36 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINNT\ALCWZRD.EXE
PRC - [2005-05-03 17:43:50 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\SOUNDMAN.EXE
PRC - [2004-04-12 10:14:24 | 001,695,830 | ---- | M] (ABIT Computer Corporation) -- C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
PRC - [2004-04-08 11:19:32 | 000,229,376 | ---- | M] (AIBT Computer Corp.) -- C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
PRC - [2004-01-26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006-10-04 21:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010-03-29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005-06-02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-03-19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-03-19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-02-09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-07-31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008-07-26 05:48:00 | 006,097,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-07-02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005-06-08 15:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-01-07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-10-05 10:39:18 | 000,057,856 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBVCD.sys -- (USBVCD)
DRV - [2004-10-05 10:39:18 | 000,006,528 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\VCIDRV.sys -- (VCIDRV)
DRV - [2004-02-27 10:04:10 | 000,004,608 | ---- | M] (ABIT Computer Corp.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ProcObsrv.sys -- (ProcObsrv)
DRV - [2004-02-26 16:52:22 | 000,010,752 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\uGuru.sys -- (uGuru)
DRV - [2003-12-31 17:53:14 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003-12-08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\alcaudsl.sys -- (alcaudsl)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=011
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1275210071-789336058-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:1.1
FF - prefs.js..extensions.enabledItems: fi@dictionaries.addons.mozilla.org:1.0.2.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {D48A12C2-E0F4-4640-8ADE-2DE4959E0F3D}:1.3.3
FF - prefs.js..extensions.enabledItems: {79fcaa13-5f29-4c33-aad7-6c48c175760a}:0.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010-10-27 21:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010-10-27 21:14:38 | 000,000,000 | ---D | M]

[2008-08-26 21:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Extensions
[2011-01-12 18:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions
[2010-05-03 19:44:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-16 21:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010-12-16 23:38:42 | 000,000,000 | ---D | M] ("Stop Autoplay") -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2010-04-16 21:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2010-08-14 17:57:58 | 000,000,000 | ---D | M] (zoomFox) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
[2010-07-25 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010-09-22 18:49:19 | 000,000,000 | ---D | M] (Youtube Tooltip) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{D48A12C2-E0F4-4640-8ADE-2DE4959E0F3D}
[2010-05-03 19:44:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-09-22 18:49:18 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010-07-17 14:01:23 | 000,000,000 | ---D | M] (Suomen kielen oikoluku) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\fi@dictionaries.addons.mozilla.org
[2010-11-11 17:40:26 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\info@djzig.com
[2010-11-12 22:00:05 | 000,000,000 | ---D | M] (qtl) -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\extensions\qtl.co.il@gmail.com
[2008-02-08 19:26:40 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\aolsearch.xml
[2009-08-19 22:33:57 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\kaannoscom-fi-en.xml
[2009-08-19 22:32:23 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\youtube.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KORPPI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\8BMUQNGG.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KORPPI\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\8BMUQNGG.DEFAULT\EXTENSIONS\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
[2009-01-17 17:53:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Korppi\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINNT\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [ScanSoft OmniPage SE 4.0-reminder] C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Skrót do strony właściwości High Definition Audio] C:\WINNT\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1275210071-789336058-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Korppi\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-789336058-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab (PopCapLoader Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-18 13:18:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-08-30 08:34:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070282.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070281.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\biooolaa.rar
[2011-01-12 18:17:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-01-11 21:18:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
[2011-01-10 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Korppi\Dane aplikacji\Malwarebytes
[2011-01-10 17:29:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011-01-10 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-01-10 17:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-01-10 17:29:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011-01-10 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-09 20:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
[2011-01-09 20:15:10 | 094,943,824 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Korppi\Pulpit\NAV-TW-30-18-5-0-125-PL.exe
[2011-01-06 18:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Korppi\Pulpit\2011_01_06
[2010-12-15 20:29:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndproxy.sys
[2010-12-15 20:18:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wab.exe
[2008-04-22 14:46:35 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070282.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\P1070281.JPG
File not found -- C:\Documents and Settings\Korppi\Pulpit\biooolaa.rar
[2011-01-12 18:26:25 | 001,096,384 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2011-01-12 18:26:25 | 000,493,632 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2011-01-12 18:26:25 | 000,435,260 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011-01-12 18:26:25 | 000,084,916 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2011-01-12 18:26:25 | 000,068,156 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011-01-12 18:23:06 | 000,194,909 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2011-01-12 18:23:06 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2011-01-12 18:22:30 | 000,000,972 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011-01-12 18:22:22 | 000,001,032 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-12 18:22:19 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2011-01-12 18:22:10 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011-01-12 18:21:25 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Korppi\NTUSER.DAT
[2011-01-12 00:21:59 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Korppi\ntuser.ini
[2011-01-11 23:29:03 | 000,001,036 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-11 21:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Korppi\Pulpit\OTL.exe
[2011-01-11 21:13:52 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\58jgjps9.exe
[2011-01-11 21:12:10 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011-01-11 20:39:05 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Microsoft Office Word 2007.lnk
[2011-01-10 21:28:53 | 002,944,828 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz2.JPG
[2011-01-10 21:28:43 | 002,960,960 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz1.JPG
[2011-01-10 17:29:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-01-09 20:29:51 | 094,943,824 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Korppi\Pulpit\NAV-TW-30-18-5-0-125-PL.exe
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010-12-18 01:45:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-12-16 23:36:03 | 000,302,032 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010-12-15 23:47:17 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010-12-15 23:20:49 | 003,736,170 | ---- | M] () -- C:\Documents and Settings\Korppi\Pulpit\Sonata Arctica - Sing In Silence.mp3
[2010-12-13 22:10:57 | 000,015,539 | ---- | M] () -- C:\Documents and Settings\Korppi\Moje dokumenty\Reaktory jądrowe to urządzenia.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-01-11 21:13:51 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\58jgjps9.exe
[2011-01-10 21:28:09 | 002,944,828 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz2.JPG
[2011-01-10 21:27:58 | 002,960,960 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Fiz1.JPG
[2011-01-10 17:29:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-12-15 23:20:21 | 003,736,170 | ---- | C] () -- C:\Documents and Settings\Korppi\Pulpit\Sonata Arctica - Sing In Silence.mp3
[2010-12-13 21:20:27 | 000,015,539 | ---- | C] () -- C:\Documents and Settings\Korppi\Moje dokumenty\Reaktory jądrowe to urządzenia.docx
[2009-06-25 15:41:45 | 000,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2009-06-06 00:37:32 | 000,000,058 | ---- | C] () -- C:\WINNT\wininit.ini
[2009-05-26 23:44:50 | 004,762,112 | ---- | C] () -- C:\WINNT\System32\NCMedia.dll
[2009-05-26 23:44:50 | 000,383,238 | ---- | C] () -- C:\WINNT\System32\libmp3lame-0.dll
[2008-12-03 18:10:29 | 000,081,858 | ---- | C] () -- C:\Documents and Settings\Korppi\Dane aplikacji\NMM-MetaData.db
[2008-11-16 16:56:40 | 000,000,019 | ---- | C] () -- C:\WINNT\SoundConverter.INI
[2008-07-26 05:48:00 | 001,724,416 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2008-07-26 05:48:00 | 001,499,136 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2008-07-26 05:48:00 | 001,101,824 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2008-07-26 05:48:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2008-07-26 05:48:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2008-07-25 17:51:29 | 000,000,000 | ---- | C] () -- C:\WINNT\Wygaszacz Zegar.ini
[2008-06-17 18:16:31 | 000,000,416 | ---- | C] () -- C:\WINNT\MAXLINK.INI
[2008-06-17 17:20:35 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\CNCFLbNL.DLL
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSwedish.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSpanish.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelPortugese.dll
[2008-06-11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelKorean.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelJapanese.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelGerman.dll
[2008-06-11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelFrench.dll
[2008-06-05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINNT\System32\physxcudart_20.dll
[2008-04-16 19:55:01 | 000,000,487 | ---- | C] () -- C:\WINNT\iScreensaver.ini
[2008-03-29 23:06:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2008-03-23 22:53:10 | 000,001,910 | ---- | C] () -- C:\WINNT\bestplayer.ini
[2008-01-18 20:57:14 | 000,000,019 | ---- | C] () -- C:\WINNT\KNP.INI
[2007-11-10 15:02:48 | 000,000,235 | ---- | C] () -- C:\WINNT\disney.ini
[2007-11-10 15:02:35 | 000,000,364 | ---- | C] () -- C:\WINNT\disneysy.ini
[2007-10-20 18:10:32 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2007-10-20 13:48:12 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2007-10-20 13:38:07 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-20 10:38:34 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS2t.DLL
[2007-10-20 10:34:58 | 000,000,374 | ---- | C] () -- C:\WINNT\System32\CNCMFP10.INI
[2007-10-18 23:07:42 | 002,115,446 | -H-- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2007-10-18 22:32:14 | 000,080,424 | ---- | C] () -- C:\Documents and Settings\Korppi\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2007-10-18 22:31:36 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Korppi\Dane aplikacji\desktop.ini
[2007-10-18 22:04:10 | 000,005,606 | ---- | C] () -- C:\WINNT\System32\stci.dll
[2007-10-18 15:05:19 | 001,096,384 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup.INI
[2007-10-18 15:05:18 | 000,004,205 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2007-10-18 15:04:30 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2007-10-18 13:58:11 | 000,593,938 | ---- | C] () -- C:\WINNT\System32\x264vfw.dll
[2007-10-18 13:58:10 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2007-10-18 13:58:10 | 000,765,952 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2007-10-18 13:58:10 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2007-10-18 13:30:32 | 000,018,606 | ---- | C] () -- C:\WINNT\System32\FlashMenu.sys
[2007-10-18 13:30:32 | 000,010,414 | ---- | C] () -- C:\WINNT\System32\drivers\FlashMenu.sys
[2007-10-18 13:30:32 | 000,005,960 | ---- | C] () -- C:\WINNT\System32\drivers\HWDRV.SYS
[2007-10-18 13:30:32 | 000,005,018 | ---- | C] () -- C:\WINNT\System32\drivers\HWIOCTL.SYS
[2007-10-18 13:30:32 | 000,004,047 | ---- | C] () -- C:\WINNT\System32\drivers\MEMCTL.SYS
[2007-10-18 13:30:32 | 000,003,548 | ---- | C] () -- C:\WINNT\System32\drivers\WINFLASH.SYS
[2007-10-18 13:30:32 | 000,002,721 | ---- | C] () -- C:\WINNT\System32\drivers\AMINTSYS.SYS
[2007-10-18 13:18:42 | 000,000,000 | ---- | C] () -- C:\WINNT\control.ini
[2007-10-18 13:15:18 | 000,000,037 | ---- | C] () -- C:\WINNT\vbaddin.ini
[2007-10-18 13:15:18 | 000,000,036 | ---- | C] () -- C:\WINNT\vb.ini
[2007-10-18 13:14:35 | 000,026,717 | ---- | C] () -- C:\WINNT\System32\tslabels.ini
[2007-10-18 13:14:33 | 000,003,813 | ---- | C] () -- C:\WINNT\System32\msdtcprf.ini
[2007-03-29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINNT\System32\CddbCdda.dll
[2007-01-26 00:04:12 | 000,138,752 | ---- | C] () -- C:\WINNT\System32\mase32.dll
[2007-01-26 00:04:12 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\ma32.dll
[2005-09-09 11:08:44 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2005-02-24 17:56:45 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2004-08-04 01:44:10 | 000,270,848 | ---- | C] () -- C:\WINNT\System32\sbe.dll
[2004-08-04 01:44:04 | 000,014,336 | ---- | C] () -- C:\WINNT\System32\msdmo.dll
[2004-08-04 01:43:58 | 000,186,880 | ---- | C] () -- C:\WINNT\System32\encdec.dll
[2004-08-04 01:43:56 | 000,253,440 | ---- | C] () -- C:\WINNT\System32\compatui.dll
[2004-08-04 01:43:54 | 000,070,656 | ---- | C] () -- C:\WINNT\System32\amstream.dll
[2004-08-04 01:43:16 | 000,733,696 | ---- | C] () -- C:\WINNT\System32\qedwipes.dll
[2004-08-03 23:46:56 | 000,042,537 | ---- | C] () -- C:\WINNT\System32\keyboard.sys
[2004-08-03 23:45:34 | 000,033,936 | ---- | C] () -- C:\WINNT\System32\ntio.sys
[2004-08-03 23:45:16 | 000,035,424 | ---- | C] () -- C:\WINNT\System32\ntio412.sys
[2004-08-03 23:45:16 | 000,034,560 | ---- | C] () -- C:\WINNT\System32\ntio404.sys
[2004-08-03 23:45:14 | 000,034,560 | ---- | C] () -- C:\WINNT\System32\ntio804.sys
[2004-08-03 23:45:12 | 000,035,648 | ---- | C] () -- C:\WINNT\System32\ntio411.sys
[2004-07-17 12:46:14 | 000,053,478 | ---- | C] () -- C:\WINNT\System32\tcpmon.ini
[2004-07-17 12:34:48 | 000,355,112 | ---- | C] () -- C:\WINNT\System32\msjetoledb40.dll
[2001-10-26 20:29:40 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\scriptpw.dll
[2001-10-26 20:29:32 | 000,199,168 | ---- | C] () -- C:\WINNT\System32\ir32_32.dll
[2001-10-26 20:28:34 | 000,094,282 | ---- | C] () -- C:\WINNT\System32\msencode.dll
[2001-10-26 20:27:02 | 000,015,360 | ---- | C] () -- C:\WINNT\System32\tsd32.dll
[2001-10-26 19:15:04 | 000,027,898 | ---- | C] () -- C:\WINNT\System32\ntdos.sys
[2001-10-26 19:14:52 | 000,004,976 | ---- | C] () -- C:\WINNT\System32\himem.sys
[2001-10-26 19:14:32 | 000,009,043 | ---- | C] () -- C:\WINNT\System32\ansi.sys
[2001-10-26 19:12:52 | 000,000,359 | ---- | C] () -- C:\WINNT\System32\prodspec.ini
[2001-10-26 18:45:26 | 000,016,024 | ---- | C] () -- C:\WINNT\System32\rsvp.ini
[2001-10-26 18:45:26 | 000,006,074 | ---- | C] () -- C:\WINNT\System32\rasctrs.ini
[2001-10-26 18:45:24 | 000,013,819 | ---- | C] () -- C:\WINNT\System32\pschdprf.ini
[2001-10-26 18:42:08 | 000,020,629 | ---- | C] () -- C:\WINNT\System32\mqperf.ini
[2001-10-26 18:42:08 | 000,002,992 | ---- | C] () -- C:\WINNT\System32\perfci.ini
[2001-10-26 18:42:08 | 000,002,890 | ---- | C] () -- C:\WINNT\System32\perfwci.ini
[2001-10-26 18:42:08 | 000,001,295 | ---- | C] () -- C:\WINNT\System32\perffilt.ini
[2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINNT\System32\paqsp.dll
[2001-08-18 00:31:56 | 000,042,809 | ---- | C] () -- C:\WINNT\System32\key01.sys
[2001-08-18 00:31:56 | 000,027,097 | ---- | C] () -- C:\WINNT\System32\country.sys
[2001-08-18 00:31:50 | 000,029,274 | ---- | C] () -- C:\WINNT\System32\ntdos412.sys
[2001-08-18 00:31:46 | 000,029,370 | ---- | C] () -- C:\WINNT\System32\ntdos411.sys
[2001-08-18 00:31:46 | 000,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos404.sys
[2001-08-18 00:31:44 | 000,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos804.sys
[2001-08-18 00:13:24 | 000,002,656 | ---- | C] () -- C:\WINNT\System32\netware.drv
[2001-08-17 22:55:06 | 001,015,477 | ---- | C] () -- C:\WINNT\System32\esentprf.ini
[2001-07-22 05:25:18 | 000,001,405 | ---- | C] () -- C:\WINNT\msdfmap.ini
[2001-07-22 01:16:20 | 000,000,661 | ---- | C] () -- C:\WINNT\win.ini
[2001-07-22 01:15:52 | 000,000,231 | ---- | C] () -- C:\WINNT\system.ini
[2001-07-22 01:15:50 | 000,013,312 | ---- | C] () -- C:\WINNT\System32\win87em.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-04 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2008-06-17 17:20:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2010-04-03 23:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-12-07 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy
[2010-09-01 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2008-04-23 10:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GoBit Games
[2010-02-12 22:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-12-29 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2008-05-03 23:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2007-11-11 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo
[2010-02-13 16:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2007-11-23 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Oberon Media
[2010-03-26 23:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OdlotowaFarma2
[2010-09-04 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-12-03 17:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2008-05-25 17:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\phenomedia
[2009-09-01 13:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2009-09-01 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle VideoSpin
[2007-10-30 21:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap
[2008-06-17 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2009-07-09 01:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-01 12:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2008-04-22 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Winferno
[2008-11-07 22:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
[2010-06-19 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\4Media
[2011-01-06 18:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Canon
[2008-08-03 22:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Desperate Housewives
[2009-06-06 00:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Disney Interactive Studios
[2010-09-01 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Gadu-Gadu 10
[2010-07-02 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\GanymedeNet
[2010-03-02 13:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\ipla
[2008-04-16 19:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\iScreensaver
[2009-01-23 20:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\MusicIP
[2010-02-18 00:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nokia
[2008-12-03 18:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nokia Multimedia Player
[2010-07-13 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Nowe Gadu-Gadu
[2010-09-01 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\OpenFM
[2011-01-12 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\OpenOffice.ux.pl2
[2010-08-12 19:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Opera
[2009-01-19 02:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\PC Suite
[2007-10-20 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\poleng
[2008-06-17 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\ScanSoft
[2007-10-20 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\The Rasmus Player
[2008-08-26 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Thunderbird
[2008-12-03 18:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Korppi\Dane aplikacji\Ulead Systems
[2008-06-17 18:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\Canon
[2009-02-19 23:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\PC Suite
[2008-06-17 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\ScanSoft
[2009-09-01 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oem\Dane aplikacji\Ulead Systems
[2008-04-22 14:41:59 | 000,000,386 | ---- | M] () -- C:\WINNT\Tasks\rpc.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[wojtas]

wklej do OTL i daj wykonaj skrypt

:Files
C:\Documents and Settings\Korppi\Dane aplikacji\Mozilla\Firefox\Profiles\8bmuqngg.default\searchplugins\aolsearch.xml
C:\WINNT\Tasks\rpc.job

1.Uruchom OTL z opcji sprzątanie.
2. wykonaj optymalizację Windowsa
3. zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
4. Skasuj stan przywracania systemu


Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8

>>> Java™ 6 Update 23

>>> Avast 5

[Lape]

Do czego ma służyć ten skrypt? Pliki-widmo zniknęły same, jeżeli o to chodzi. Nie mogę zaktualizować Adobe Readera, bo nie może znaleźć jakiejś wtyczki. Czy muszę też aktualizować Explorera, jeżeli w ogóle nie korzystam z tej przeglądarki?

[wojtas]

usunięcie zbedych plików, zaktualizuj explorera nawet jak nie używasz

[Lape]

Czy powinnam zrobić coś jeszcze, np. wstawić jakieś logi? Jeśli to już wszystko to dziękuję bardzo za pomoc.

[wojtas]

nic nie trzeba pozdro