Elektroda.pl
Elektroda.pl
X
Computer ControlsComputer Controls
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

prośba o sprawdzenie loga hijackthis

01 Lis 2010 20:13 2215 3
  • Poziom 9  
    czy jest tu coś nie tak? bardzo proszę o pomoc
    Cytat:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:11:31, on 2010-11-01
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    D:\Gadu-Gadu 10\gg.exe
    C:\Users\Albert\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    D:\Mozilla\firefox.exe
    C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    D:\Mozilla\plugin-container.exe
    D:\hjt\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
    O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Gadu-Gadu 10] "D:\Gadu-Gadu 10\gg.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EA Core] "E:\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Albert\Program Files (x86)\DNA\btdna.exe"
    O4 - HKCU\..\Run: [RGSC] E:\Gta\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Unknown owner - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9199 bytes
  • Computer ControlsComputer Controls
  • Computer ControlsComputer Controls
  • Poziom 9  
    extras.txt
    Cytat:
    OTL Extras logfile created on: 2010-11-01 21:29:26 - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Albert\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97,56 Gb Total Space | 71,71 Gb Free Space | 73,50% Space Free | Partition Type: NTFS
    Drive D: | 418,82 Gb Total Space | 330,45 Gb Free Space | 78,90% Space Free | Partition Type: NTFS
    Drive E: | 415,04 Gb Total Space | 366,27 Gb Free Space | 88,25% Space Free | Partition Type: NTFS

    Computer Name: ALBERT-KOMPUTER | User Name: Albert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2168809494-3714326188-673154846-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = Archiwizator WinRAR

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1E445925-273D-4186-88A0-B8D1B6B119E2}" = WRC FIA World Rally Championship
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{67DD11CB-7C27-4072-B970-B57755294B28}" = Windows Macro Recorder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
    "{B6E3F2A0-DDBB-4F0A-BA7C-09138605DDAC}" = WRC FIA World Rally Championship
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ArcaniA" = ArcaniA - Gothic 4
    "avast5" = avast! Free Antivirus
    "BitComet" = BitComet 1.19
    "EADM" = EA Download Manager
    "F1 2010_is1" = F1 2010
    "Gadu-Gadu 10" = Gadu-Gadu 10
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "OpenAL" = OpenAL
    "SopCast" = SopCast 3.2.9
    "UltraISO_is1" = UltraISO Premium V9.36
    "uTorrent" = µTorrent
    "WinLiveSuite" = Podstawowe programy Windows Live

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2168809494-3714326188-673154846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2010-10-28 11:34:37 | Computer Name = Albert-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
    aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
    wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
    bieżącego zegara systemowego lub sygnatury czasowej. .

    Error - 2010-10-28 11:34:38 | Computer Name = Albert-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
    aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
    wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
    bieżącego zegara systemowego lub sygnatury czasowej. .

    Error - 2010-10-28 11:34:47 | Computer Name = Albert-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
    aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
    wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
    bieżącego zegara systemowego lub sygnatury czasowej. .

    Error - 2010-10-28 13:42:46 | Computer Name = Albert-Komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.7.1.0,
    sygnatura czasowa: 0x4453c8ad Nazwa modułu powodującego błąd: mfc42.dll, wersja:
    6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
    0x00013613 Identyfikator procesu powodującego błąd: 0x1314 Godzina uruchomienia aplikacji
    powodującej błąd: 0x01cb76ba3a311abb Ścieżka aplikacji powodującej błąd: C:\Users\Albert\Downloads\DBL
    1.8\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\mfc42.dll
    Identyfikator
    raportu: c602ccc3-e2ba-11df-8e64-00241dd2120b

    Error - 2010-10-28 13:42:59 | Computer Name = Albert-Komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.7.1.0,
    sygnatura czasowa: 0x4453c8ad Nazwa modułu powodującego błąd: mfc42.dll, wersja:
    6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
    0x00013613 Identyfikator procesu powodującego błąd: 0x1314 Godzina uruchomienia aplikacji
    powodującej błąd: 0x01cb76ba3a311abb Ścieżka aplikacji powodującej błąd: C:\Users\Albert\Downloads\DBL
    1.8\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\mfc42.dll
    Identyfikator
    raportu: cd9da0a4-e2ba-11df-8e64-00241dd2120b

    Error - 2010-10-29 14:49:12 | Computer Name = Albert-Komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 1.9.2.3951,
    sygnatura czasowa: 0x4cc7add9 Nazwa modułu powodującego błąd: ntdll.dll, wersja:
    6.1.7600.16559, sygnatura czasowa: 0x4ba9b29c Kod wyjątku: 0xc0000005 Przesunięcie
    błędu: 0x00022262 Identyfikator procesu powodującego błąd: 0x910 Godzina uruchomienia
    aplikacji powodującej błąd: 0x01cb7799dab54e83 Ścieżka aplikacji powodującej błąd:
    D:\Mozilla\plugin-container.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll
    Identyfikator
    raportu: 384203b8-e38d-11df-9c2d-00241dd2120b

    Error - 2010-10-30 11:01:53 | Computer Name = Albert-Komputer | Source = SideBySide | ID = 16842811
    Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Albert\AppData\Local\Temp\EAD8A15.exe".
    Błąd w pliku manifestu lub w pliku zasad "C:\Users\Albert\AppData\Local\Temp\EAD8A15.exe"
    w wierszu 0. Nieprawidłowa składnia XML.

    Error - 2010-10-30 12:12:47 | Computer Name = Albert-Komputer | Source = Application Hang | ID = 1002
    Description = Program FIFA11_PATCH101.exe w wersji 6.50.0.0 zatrzymał interakcję
    z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
    informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
    Centrum akcji. Identyfikator procesu: 101c Godzina rozpoczęcia: 01cb784d0f0abd64 Godzina
    zakończenia: 2 Ścieżka aplikacji: C:\Users\Albert\Downloads\FIFA11_PATCH101.exe Identyfikator
    raportu: 85b4a5fd-e440-11df-bc16-00241dd2120b

    Error - 2010-11-01 16:26:48 | Computer Name = Albert-Komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.7.1.0,
    sygnatura czasowa: 0x4453c8ad Nazwa modułu powodującego błąd: mfc42.dll, wersja:
    6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
    0x00013613 Identyfikator procesu powodującego błąd: 0x95c Godzina uruchomienia aplikacji
    powodującej błąd: 0x01cb79fcb7c4aa1e Ścieżka aplikacji powodującej błąd: C:\Users\Albert\Downloads\DBL
    1.8\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\mfc42.dll
    Identyfikator
    raportu: 59f6b4f0-e5f6-11df-8ca7-00241dd2120b

    Error - 2010-11-01 16:26:52 | Computer Name = Albert-Komputer | Source = Application Error | ID = 1000
    Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.7.1.0,
    sygnatura czasowa: 0x4453c8ad Nazwa modułu powodującego błąd: mfc42.dll, wersja:
    6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
    0x00013613 Identyfikator procesu powodującego błąd: 0x95c Godzina uruchomienia aplikacji
    powodującej błąd: 0x01cb79fcb7c4aa1e Ścieżka aplikacji powodującej błąd: C:\Users\Albert\Downloads\DBL
    1.8\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\mfc42.dll
    Identyfikator
    raportu: 5beaeb23-e5f6-11df-8ca7-00241dd2120b

    [ System Events ]
    Error - 2010-07-13 09:06:53 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-13 11:36:16 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-14 03:09:11 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-14 08:32:05 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-14 09:28:07 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-14 14:27:09 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-15 04:50:49 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-15 09:46:29 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-15 10:33:58 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2

    Error - 2010-07-15 19:08:50 | Computer Name = Albert-Komputer | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi TBPanel z powodu następującego błędu: %%2


    < End of report >


    otl.txt
    Cytat:
    OTL logfile created on: 2010-11-01 21:29:25 - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Albert\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97,56 Gb Total Space | 71,71 Gb Free Space | 73,50% Space Free | Partition Type: NTFS
    Drive D: | 418,82 Gb Total Space | 330,45 Gb Free Space | 78,90% Space Free | Partition Type: NTFS
    Drive E: | 415,04 Gb Total Space | 366,27 Gb Free Space | 88,25% Space Free | Partition Type: NTFS

    Computer Name: ALBERT-KOMPUTER | User Name: Albert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010-11-01 21:27:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Downloads\OTL.exe
    PRC - [2010-10-29 19:48:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Mozilla\firefox.exe
    PRC - [2010-10-29 19:48:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Mozilla\plugin-container.exe
    PRC - [2010-09-13 00:09:56 | 012,653,152 | ---- | M] (GG Network S.A.) -- D:\Gadu-Gadu 10\gg.exe
    PRC - [2010-08-07 12:04:18 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Albert\Program Files (x86)\DNA\btdna.exe
    PRC - [2010-05-06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-05-06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009-12-09 21:12:50 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
    PRC - [2009-12-07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2009-11-24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
    PRC - [2009-06-22 20:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-11-01 21:27:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Downloads\OTL.exe
    MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010-05-06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010-05-06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010-05-06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2009-12-07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2009-06-22 20:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010-05-06 21:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010-02-03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009-11-11 09:54:46 | 000,676,864 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
    DRV:64bit: - [2009-07-17 16:32:04 | 000,109,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-10 11:10:10 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2010-01-29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: smartwebprinting(malpa)hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: zrzuta.eu(malpa)gmail.com:1.0
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: toolbar(malpa)ask.com:3.9.1.14019
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=BBADD0B0-8E69-486F-9994-F59212965D94&apn_ptnrs=PV&apn_sauid=02CC5DC0-015A-4F53-B8B3-54AB7180E176&apn_dtid=YYYYYYYYPL&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-02 20:43:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Mozilla\components [2010-10-29 19:48:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Mozilla\plugins [2010-10-29 19:48:13 | 000,000,000 | ---D | M]

    [2010-03-02 20:42:56 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions
    [2010-11-01 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\26odm5x4.default\extensions
    [2010-10-29 20:19:52 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\26odm5x4.default\extensions\toolbar@ask.com
    [2010-06-21 18:49:26 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\26odm5x4.default\extensions\zrzuta.eu@gmail.com
    [2010-11-01 10:34:21 | 000,002,568 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Mozilla\FireFox\Profiles\26odm5x4.default\searchplugins\askcom.xml

    O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
    O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000..\Run: [BitTorrent DNA] C:\Users\Albert\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000..\Run: [EA Core] E:\EADM\Core.exe (Electronic Arts)
    O4 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000..\Run: [Gadu-Gadu 10] D:\Gadu-Gadu 10\gg.exe (GG Network S.A.)
    O4 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000..\Run: [RGSC] E:\Gta\Rockstar Games Social Club\RGSCLauncher.exe File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-10-27 12:52:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
    [2010-10-27 12:52:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
    [2010-10-27 12:52:04 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
    [2010-10-27 12:52:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
    [2010-10-27 12:52:04 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
    [2010-10-27 12:52:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
    [2010-10-27 12:52:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
    [2010-10-27 12:51:53 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2010-10-21 18:28:05 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\ArcaniA - Gothic 4
    [2010-10-21 17:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010-10-21 14:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010-10-21 14:40:46 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Local\Windows Live
    [2010-10-21 14:40:16 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2010-10-21 14:40:16 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2010-10-21 14:40:16 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
    [2010-10-21 14:40:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2010-10-21 14:40:16 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
    [2010-10-21 14:40:15 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2010-10-21 14:40:15 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2010-10-17 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\NVIDIA
    [2010-10-17 17:57:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
    [2010-10-17 17:57:46 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\EA Games
    [2010-10-16 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2010-10-16 17:51:13 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\My Games
    [2010-10-16 17:49:59 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
    [2010-10-16 17:49:59 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
    [2010-10-16 17:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
    [2010-10-16 17:49:57 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2010-10-16 17:49:57 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2010-10-16 17:49:57 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2010-10-16 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2010-10-16 17:49:56 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2010-10-14 20:36:07 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
    [2010-10-14 20:36:07 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
    [2010-10-14 20:36:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
    [2010-10-14 20:36:02 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
    [2010-10-14 20:36:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
    [2010-10-14 20:35:59 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
    [2010-10-14 20:35:59 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
    [2010-10-14 20:35:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
    [2010-10-14 20:35:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
    [2010-10-14 20:35:54 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010-10-14 20:35:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010-10-14 20:35:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2010-10-14 20:35:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2010-10-14 20:35:53 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2010-10-14 20:35:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2010-10-14 20:35:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010-10-14 20:35:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010-10-14 20:35:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010-10-14 20:35:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010-10-14 20:35:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2010-10-14 20:35:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010-10-14 20:35:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010-10-14 20:35:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010-10-14 20:35:48 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
    [2010-10-14 20:35:47 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
    [2010-10-14 20:35:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
    [2010-10-14 20:35:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
    [2010-10-14 20:35:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
    [2010-10-14 15:24:04 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\BlackBean
    [2010-10-13 18:06:21 | 000,000,000 | ---D | C] -- C:\brsw
    [2010-10-13 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Tibia
    [2010-10-13 11:59:31 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\uTorrent
    [2010-10-04 20:05:02 | 000,000,000 | ---D | C] -- C:\Users\Albert\Desktop\zdj
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010-11-01 20:13:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010-11-01 20:13:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010-11-01 20:11:58 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010-11-01 20:11:58 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
    [2010-11-01 20:11:58 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010-11-01 20:11:58 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
    [2010-11-01 20:11:58 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010-11-01 20:11:12 | 000,002,949 | ---- | M] () -- C:\Users\Albert\Desktop\HiJackThis.lnk
    [2010-11-01 20:06:23 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempQX2148.html
    [2010-11-01 20:06:23 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempTY2148.html
    [2010-11-01 20:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010-11-01 20:05:46 | 1607,065,600 | -HS- | M] () -- C:\hiberfil.sys
    [2010-11-01 20:04:56 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempVI2188.html
    [2010-11-01 20:04:56 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempXa2188.html
    [2010-11-01 19:12:23 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempLJ2136.html
    [2010-11-01 19:12:23 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempkx2136.html
    [2010-11-01 12:56:52 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempaC1512.html
    [2010-11-01 12:56:52 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempWn1512.html
    [2010-11-01 10:53:06 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempwi2152.html
    [2010-11-01 10:53:06 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempeP2152.html
    [2010-10-31 22:05:32 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempXP2516.html
    [2010-10-31 22:05:32 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempRm2516.html
    [2010-10-31 21:00:50 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempOY2176.html
    [2010-10-31 14:00:17 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempYi2212.html
    [2010-10-31 14:00:17 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempWD2212.html
    [2010-10-30 22:52:16 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempsQ2344.html
    [2010-10-30 22:52:16 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempHM2344.html
    [2010-10-29 19:31:03 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempKi3600.html
    [2010-10-29 19:31:03 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempqR3600.html
    [2010-10-29 18:11:55 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempvbp952.html
    [2010-10-28 20:34:46 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempAF2580.html
    [2010-10-27 20:47:46 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempeS2192.html
    [2010-10-27 20:47:46 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempPz2192.html
    [2010-10-27 19:42:03 | 000,108,362 | ---- | M] () -- C:\Users\Albert\Desktop\ZinaCennik2010.pdf
    [2010-10-27 15:41:25 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempuz4816.html
    [2010-10-27 15:41:25 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TemprK4816.html
    [2010-10-27 13:56:32 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempFh2104.html
    [2010-10-27 13:25:02 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempKq2516.html
    [2010-10-27 13:25:02 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempVy2516.html
    [2010-10-26 21:10:01 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempES2164.html
    [2010-10-26 21:10:01 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempCx2164.html
    [2010-10-25 20:55:13 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempET1516.html
    [2010-10-25 20:55:13 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temprj1516.html
    [2010-10-24 21:31:18 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempBI2660.html
    [2010-10-24 21:31:18 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempol2660.html
    [2010-10-24 12:03:41 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempiS2552.html
    [2010-10-24 12:03:41 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempcW2552.html
    [2010-10-23 21:37:27 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempan1272.html
    [2010-10-23 21:37:27 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempws1272.html
    [2010-10-23 17:21:00 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempFs2888.html
    [2010-10-23 17:21:00 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temptv2888.html
    [2010-10-23 08:19:07 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempnL2108.html
    [2010-10-22 18:31:00 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempOQ1696.html
    [2010-10-22 18:31:00 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempnv1696.html
    [2010-10-22 16:19:58 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempdD2080.html
    [2010-10-22 16:19:58 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempQt2080.html
    [2010-10-21 19:28:38 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempkq2948.html
    [2010-10-21 19:28:38 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempeu2948.html
    [2010-10-21 17:15:23 | 000,000,688 | ---- | M] () -- C:\Users\Albert\Desktop\Start ArcaniA - Gothic 4.lnk
    [2010-10-21 16:52:58 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempIB2144.html
    [2010-10-21 16:52:58 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempAw2144.html
    [2010-10-21 14:37:25 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempQB2824.html
    [2010-10-21 14:37:25 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempwf2824.html
    [2010-10-20 18:13:50 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempKa1500.html
    [2010-10-20 18:13:50 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempnN1500.html
    [2010-10-19 20:44:49 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempZw2036.html
    [2010-10-19 20:44:49 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempjd2036.html
    [2010-10-18 20:37:28 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempxa1736.html
    [2010-10-18 20:37:28 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempkp1736.html
    [2010-10-18 17:09:35 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temptr1604.html
    [2010-10-17 20:27:07 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempDF2196.html
    [2010-10-17 20:27:07 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempCZ2196.html
    [2010-10-17 17:56:52 | 000,000,915 | ---- | M] () -- C:\Users\Albert\Desktop\moh.exe.lnk
    [2010-10-17 17:37:33 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempUj2732.html
    [2010-10-17 17:37:33 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempog2732.html
    [2010-10-17 15:51:09 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempyh2172.html
    [2010-10-17 15:51:09 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempZP2172.html
    [2010-10-17 09:21:28 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempTd2740.html
    [2010-10-17 09:21:28 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempNi2740.html
    [2010-10-16 18:56:32 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temprv2392.html
    [2010-10-16 17:49:57 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2010-10-16 17:49:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2010-10-16 17:49:57 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2010-10-16 17:49:56 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2010-10-16 17:49:53 | 000,000,537 | ---- | M] () -- C:\Users\Albert\Desktop\Launch F1 2010.lnk
    [2010-10-15 21:14:40 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempVvi988.html
    [2010-10-15 21:14:40 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TemptTo988.html
    [2010-10-15 18:46:39 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempWK2148.html
    [2010-10-15 18:46:39 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempVr2148.html
    [2010-10-15 15:10:33 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TemphT2316.html
    [2010-10-15 15:10:33 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempCB2316.html
    [2010-10-15 14:39:21 | 000,364,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010-10-14 20:48:12 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TemplI2184.html
    [2010-10-14 20:48:12 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempeX2184.html
    [2010-10-14 15:21:35 | 000,000,542 | ---- | M] () -- C:\Users\Public\Desktop\Play WRC FIA World Rally Championship.lnk
    [2010-10-14 09:05:38 | 000,005,137 | ---- | M] () -- C:\Users\Albert\Desktop\pobieranie.jpg
    [2010-10-13 21:23:47 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempfN5016.html
    [2010-10-13 21:23:47 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempts5016.html
    [2010-10-13 21:21:07 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempzo1688.html
    [2010-10-13 21:21:07 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempAR1688.html
    [2010-10-13 12:00:17 | 000,000,526 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010-10-12 18:40:28 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempLj1828.html
    [2010-10-12 18:40:28 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempSG1828.html
    [2010-10-12 16:35:32 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempvy1724.html
    [2010-10-12 16:35:32 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempgh1724.html
    [2010-10-11 20:33:36 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempJo1552.html
    [2010-10-11 20:33:36 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempql1552.html
    [2010-10-10 20:06:37 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempud2028.html
    [2010-10-10 20:06:37 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempfc2028.html
    [2010-10-10 12:57:29 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempuS2044.html
    [2010-10-10 12:57:29 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempuo2044.html
    [2010-10-09 21:08:21 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempvp1056.html
    [2010-10-09 09:28:12 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempok1812.html
    [2010-10-09 09:28:12 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempbn1812.html
    [2010-10-08 21:10:05 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempEL2092.html
    [2010-10-08 21:10:05 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempKp2092.html
    [2010-10-07 19:56:33 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temppr2060.html
    [2010-10-07 19:56:33 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempGH2060.html
    [2010-10-06 20:09:30 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempZI1388.html
    [2010-10-06 20:09:30 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempTV1388.html
    [2010-10-06 15:13:53 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temphu1516.html
    [2010-10-06 15:13:53 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempdy1516.html
    [2010-10-05 19:14:03 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempsd2732.html
    [2010-10-05 19:14:03 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempdP2732.html
    [2010-10-05 15:55:26 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempmc2188.html
    [2010-10-05 15:55:26 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempQL2188.html
    [2010-10-04 21:07:12 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempui2004.html
    [2010-10-04 21:07:12 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Temprx2004.html
    [2010-10-04 19:34:43 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempHb2968.html
    [2010-10-04 19:34:43 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempdY2968.html
    [2010-10-04 17:03:23 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempTu2832.html
    [2010-10-04 17:03:23 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempFJ2832.html
    [2010-10-03 21:10:40 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempTg2544.html
    [2010-10-03 21:10:40 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempdw2544.html
    [2010-10-03 16:58:54 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempEY2376.html
    [2010-10-03 16:58:54 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\Tempmz2376.html
    [2010-10-03 14:45:06 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempgI2476.html
    [2010-10-03 14:45:06 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempwS2476.html
    [2010-10-03 14:33:14 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempMh2672.html
    [2010-10-03 10:17:18 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempbB2192.html
    [2010-10-03 10:17:18 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempzG2192.html
    [2010-10-02 22:42:48 | 000,002,432 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempWQ2760.html
    [2010-10-02 22:42:48 | 000,002,089 | ---- | M] () -- C:\Users\Albert\AppData\Local\TempSl2760.html
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-11-01 20:11:12 | 000,002,949 | ---- | C] () -- C:\Users\Albert\Desktop\HiJackThis.lnk
    [2010-11-01 20:06:23 | 000,002,432 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempQX2148.html
    [2010-11-01 20:06:23 | 000,002,089 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempTY2148.html
    [2010-11-01 19:33:10 | 000,002,432 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempVI2188.html
    [2010-11-01 19:33:10 | 000,002,089 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempXa2188.html
    [2010-11-01 16:30:58 | 000,002,432 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempLJ2136.html
    [2010-11-01 16:30:58 | 000,002,089 | ---- | C] () -- C:\Users\Albert\AppData\Local\Tempkx2136.html
    [2010-11-01 12:28:26 | 000,002,432 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempaC1512.html
    [2010-11-01 12:28:26 | 000,002,089 | ---- | C] () -- C:\Users\Albert\AppData\Local\TempWn1512.html
    [2010-11-01 10:22:08 | 000,002,432 | ---- | C] () -- C:\Users\Albert\AppData\Local\Tempwi2152.h
  • Spec od komputerów
    Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

    Cytat:
    :OTL

    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
    IE - HKU\S-1-5-21-2168809494-3714326188-673154846-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: toolbar(małpa)ask.com:3.9.1.14019
    [2010-10-29 20:19:52 | 000,000,000 | ---D | M] -- C:\Users\Albert\AppData\Roaming\mozilla\Firefox\Profiles\26odm5x4.default\extensions\toolbar(małpa)ask.com
    [2010-11-01 10:34:21 | 000,002,568 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Mozilla\FireFox\Profiles\26odm5x4.default\searchplugins\askcom.xml
    O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKU\S-1-5-21-2168809494-3714326188-673154846-1000..\Run: [RGSC] E:\Gta\Rockstar Games Social Club\RGSCLauncher.exe File not found

    :Files
    C:\Users\Albert\AppData\Local\Temp*.html

    :Commands
    [emptytemp]

    Kliknij w Wykonaj Skrypt.Zatwierdź restart komputera.Po czyszczeniu w OTL użyj opcji Sprzątanie.W skrypcie (małpa) zmień na@.