
victor2010

Content posted by victor2010

  1. I received several text messages along the lines of "I'm reading your mail". It turns out that someone really does have access to my mailbox. I scanned with several AV programs without success. Only Dr WEB found it, as stated in the topic title.

     OTL logfile created on: 2012-09-10 22:31:00 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\user\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,50 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 43,25% Memory free 3,00 Gb Paging File | 1,85 Gb Available in Paging File | 61,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,00 Gb Total Space | 11,66 Gb Free Space | 30,69% Space Free | Partition Type: NTFS Drive D: | 36,52 Gb Total Space | 28,57 Gb Free Space | 78,23% Space Free | Partition Type: FAT32 Computer Name: USER-KOMPUTER | User Name: user | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-09-10 22:28:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2012-09-10 20:50:00 | 002,779,480 | ---- | M] () -- C:\Users\user\AppData\Local\temp\474D2BA4-5E2E7DFC-CCBB0E96-B1A52124\a96e6_xp.exe PRC - [2012-09-10 20:49:59 | 000,128,824 | ---- | M] () -- C:\Users\user\AppData\Local\temp\474D2BA4-5E2E7DFC-CCBB0E96-B1A52124\29776d.exe PRC - [2012-09-09 22:24:02 | 092,862,584 | ---- | M] () -- C:\Users\user\Downloads\launch.exe PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-11-20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-04-14 15:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2007-03-23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe ========== Modules (No Company Name) ========== MOD - [2012-09-10 20:50:00 | 002,779,480 | ---- | M] () -- C:\Users\user\AppData\Local\temp\474D2BA4-5E2E7DFC-CCBB0E96-B1A52124\a96e6_xp.exe MOD - [2012-09-10 20:49:59 | 000,128,824 | ---- | M] () -- C:\Users\user\AppData\Local\temp\474D2BA4-5E2E7DFC-CCBB0E96-B1A52124\29776d.exe MOD - [2012-09-09 22:24:02 | 092,862,584 | ---- | M] () -- C:\Users\user\Downloads\launch.exe MOD - [2011-05-03 21:04:16 | 000,028,672 | ---- | M] () -- C:\Windows\System32\SpyShelterShellExt.dll MOD - [2011-03-18 20:04:29 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [1997-04-08 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2011-05-17 19:26:28 | 000,037,600 | ---- | M] (Speedchecker) [Auto | Stopped] -- C:\Program Files\Przyspiesz Komputer\PCSpeedUpService.exe -- (PCSpeedUpService) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) 
[On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012-03-14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2012-03-14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2012-03-14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2012-03-14 08:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2012-03-14 08:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2012-02-17 10:06:28 | 000,193,336 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\SpyShelter Premium\SpyShelter.sys -- (Spyshelter) DRV - [2011-05-28 21:08:58 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009-07-14 00:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH) DRV - [2009-06-19 03:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) DRV - [2007-02-22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-09-14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2005-03-29 22:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468 IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128 IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468 IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledAddons: SignPlugin@pekao.pl:1.3.0.84 FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.10.27.6 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program 
Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-17 22:36:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-06-14 20:10:07 | 000,000,000 | ---D | M] [2011-05-28 21:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012-09-10 22:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3rt8oeht.default\extensions [2012-09-10 22:11:33 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3rt8oeht.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2011-05-29 20:33:09 | 000,000,000 | ---D | M] (PEKAO S.A. 
Sign Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3rt8oeht.default\extensions\SignPlugin@pekao.pl [2011-05-28 21:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-03-18 20:04:29 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program 
Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: NPSignPlugin PEKAO = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\adkiamfckgcmblbpmbeehfhijlajckdd\1.3.0.84_1\ CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011-12-11 17:31:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine ) - 
{30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\prxtbSof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) 
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000..\Run: [spyShelter] C:\Program Files\SpyShelter Premium\SpyShelter.exe () O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4273045221-1590919949-922329223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program 
Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiz...ActivXPEKAO.cab (SignActivX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C303B9A-EDE7-4F42-AECA-8422A0B82921}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3200345-FC80-43E7-9732-B95ABEBB620D}: DhcpNameServer = 192.168.42.129 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-09-10 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CRE [2012-09-10 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2 [2012-09-10 22:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2012-09-10 22:08:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\uTorrent [2012-09-10 22:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-09-10 
22:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-09-10 22:04:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-09-10 22:04:04 | 000,000,000 | --SD | C] -- C:\ComboFix [2012-09-10 22:02:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012-09-09 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Simply Super Software [2012-09-09 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Simply Super Software [2012-09-09 23:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012-09-09 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012-09-09 23:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012-09-09 22:25:19 | 000,000,000 | ---D | C] -- C:\Users\user\DoctorWeb [2012-09-09 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012-09-09 20:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter [2012-09-09 20:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpyShelter Premium [2012-09-09 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpyShelter [2012-09-08 23:34:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Games [2012-09-08 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EFSoftware [2012-09-08 19:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EF Process Manager [2012-09-08 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\EF Process Manager [2012-08-29 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Real [2012-08-12 20:32:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-09-10 22:09:55 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012-09-10 21:51:57 | 000,001,032 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-09-10 20:47:49 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-09-10 20:47:49 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-09-10 20:40:40 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-09-10 20:40:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-09-10 20:40:03 | 1207,533,568 | -HS- | M] () -- C:\hiberfil.sys [2012-09-09 23:05:59 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012-09-09 20:30:26 | 000,001,045 | ---- | M] () -- C:\Users\user\Desktop\SpyShelter Premium.lnk [2012-09-09 20:18:08 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-09-09 20:18:08 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-09-09 20:18:08 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-09-09 20:18:08 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-09-09 19:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-09-08 20:48:59 | 000,001,246 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2012-09-08 19:43:55 | 000,001,035 | ---- | M] () -- C:\Users\user\Desktop\EF Process Manager.lnk [2012-09-02 21:55:20 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-08-12 20:33:25 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-09-10 22:09:55 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012-09-10 22:04:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-09-10 22:04:21 | 000,208,896 | ---- | C] () -- 
C:\Windows\MBR.exe [2012-09-10 22:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-09-10 22:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-09-10 22:04:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-09-09 23:05:59 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012-09-09 20:30:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SpyShelterShellExt.dll [2012-09-09 20:30:26 | 000,001,045 | ---- | C] () -- C:\Users\user\Desktop\SpyShelter Premium.lnk [2012-09-09 20:30:25 | 001,740,800 | ---- | C] () -- C:\Windows\System32\Osklauncher.exe [2012-09-09 20:30:25 | 000,054,784 | ---- | C] () -- C:\Windows\System32\inject_logon_dll.dll [2012-09-09 19:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-09-08 19:43:55 | 000,001,035 | ---- | C] () -- C:\Users\user\Desktop\EF Process Manager.lnk [2012-08-12 20:33:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012-08-12 20:33:25 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012-04-18 18:59:35 | 000,000,012 | ---- | C] () -- C:\Users\user\intlname.ols [2012-01-18 21:48:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{41577F82-813E-45E2-AFE7-FE71304C1ABB} [2011-12-05 09:28:19 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{18D1E723-39F1-48C0-80D3-C23E2A30D051} [2011-11-20 18:58:54 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{9576C988-8470-4904-9A22-F21062A55E6E} [2011-11-06 09:40:52 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{30D28BD2-0A9C-4E0F-A7E9-5EAF452F9EF0} [2011-05-28 21:47:58 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2011-05-28 21:34:31 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-05-28 21:34:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-05-28 21:34:29 | 000,810,496 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2011-05-28 21:34:29 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-05-28 21:34:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-05-28 21:23:05 | 000,081,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011-05-28 21:06:54 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll [2010-11-21 04:32:44 | 000,687,828 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2010-11-21 04:32:44 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2010-11-21 04:32:44 | 000,131,382 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2010-11-21 04:32:44 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat ========== LOP Check ========== [2012-07-29 21:18:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon [2012-09-08 19:44:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EFSoftware [2012-06-14 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET [2011-05-28 21:37:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gadu-Gadu 10 [2011-08-16 17:27:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2011-08-16 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia Multimedia Player [2011-12-18 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenFM [2011-08-16 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2012-09-09 23:06:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simply Super Software [2012-09-09 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpyShelter [2012-09-10 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent [2012-08-13 09:11:36 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:905844AA @Alternate Data 
Stream - 131 bytes -> C:\ProgramData\TEMP:47F1DFAC @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > OTL Extras logfile created on: 2012-09-10 22:31:00 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\user\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,50 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 43,25% Memory free 3,00 Gb Paging File | 1,85 Gb Available in Paging File | 61,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,00 Gb Total Space | 11,66 Gb Free Space | 30,69% Space Free | Partition Type: NTFS Drive D: | 36,52 Gb Total Space | 28,57 Gb Free Space | 78,23% Space Free | Partition Type: FAT32 Computer Name: USER-KOMPUTER | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-4273045221-1590919949-922329223-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n () https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{059E9C64-9C21-4E38-B8CE-6B7C46BDEFFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0644623D-768A-4DC1-A61C-D4F2C92B7193}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1714AAEE-AD64-4E3A-99D1-2BAAD1ED89F2}" = rport=445 | protocol=6 | dir=out | app=system | "{270FAE24-9E00-4F04-9E34-5BABD83850A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2717593D-18B8-4001-8F3D-270FC5798914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2890DBC8-9163-43E6-9017-60D4031BA6CB}" = lport=138 | protocol=17 | dir=in | app=system | "{2BF08B52-1524-4248-B717-E0C8E5B6A864}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35B0C655-2612-4CE5-974F-EC55A35B8C5E}" = lport=10243 | protocol=6 | dir=in | app=system | "{5DFAA217-D30A-4B2E-BACD-AF1204B4888D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{607ABD9C-B04F-4C73-BE6E-30F2F7C0C649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{698F4AF8-5D8C-4751-86E9-DE48A61DDCE2}" = lport=139 | protocol=6 | dir=in | app=system | "{74595181-E365-414D-86AF-528C57CBFEE4}" = rport=137 | protocol=17 | dir=out | app=system | "{8B63EE2D-61F0-4770-91FC-F5BBAD375232}" = rport=10243 | protocol=6 | dir=out | app=system | "{8F476943-3B76-4D8A-9B35-500C996F99A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F8B671B-8D43-4F9D-AE29-E292F604BA78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9C89ADBE-037D-45AE-B562-835026F282D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B40B552F-1A1D-476D-890A-B845C209CE01}" = rport=139 | protocol=6 | dir=out | app=system | "{B536B53D-797D-490A-B02C-7D9E3D7D30B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BBF8C0BB-9EC6-4302-A845-305619E2CF2D}" = lport=445 | protocol=6 | dir=in | app=system | "{C5786217-0F61-4D05-9364-7758497D65D6}" = rport=138 | protocol=17 | dir=out | app=system | "{D46E1146-1E9B-472A-89D3-8AF20AE44211}" = lport=137 | protocol=17 | dir=in | app=system | "{DA363C6F-38CF-4242-A8D4-E8574D51BE48}" = lport=2869 | protocol=6 | dir=in | app=system | "{E83E5366-5B59-4782-ADA2-EA3D984DB3B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{F59F04D0-8855-48E6-8AC3-60574BE5EE55}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FE4EA4A-20E4-42A6-B534-279FBF5F8B9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{19BE32B0-F7C9-4E7A-BC3E-62758CF180DE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1AB0146E-4DCA-4A85-8737-0769456231C9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3AFF229E-EFFE-4153-8435-C1A21DE24568}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{43187AAB-7228-42CB-A2D2-43810E95B2C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4F266F3E-17A3-4490-A64E-4B028917CDBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{515B2257-CF0A-4B40-A9F3-13005C25918A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58A7ED04-4940-4BE6-87BD-E87CCC9264DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59DC456D-9F95-4DEF-AAE0-7E6A64DE213C}" = protocol=6 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{68CB8B41-8802-4BB3-89CE-C208DB7A43B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{71CB5880-13D6-45E6-A5C3-98DB03E1DE80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{726358E9-63B2-41BB-89BB-5FDD619250B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BE5E24C-B3C7-41A4-B83C-25323A5B5137}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7E8DE807-44F6-4FE1-A01D-DC42FC0198C7}" = protocol=6 | dir=out | app=system | "{924C1BE5-1AC6-47C6-BD73-7FF134B68B7F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A4D2E782-874B-4009-A162-F1E5D145E635}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A8CD9CAB-3B0F-4EE7-9BFC-9185686040A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AB5E147F-30E2-45E2-BCC7-D94774F0AF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6212417-A995-4460-8DE2-CEF165ADCAE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DB2A97B5-4175-4501-9118-474E4CB022A5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{E1A52DCC-14D3-4062-AF33-690022EAECBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA618581-6DEF-4152-B960-B0D0DC4C4729}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F83A3A60-92B5-428B-8DDC-2CE198388ECC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F846CB23-6DEE-48CD-89EB-A52A952057B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{7D97BEF0-FD37-4F45-916E-1FBD2EF000E1}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{A373323C-A581-4064-80AD-03D0A8717F42}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | 
app=c:\program files\winamp\winamp.exe | "TCP Query User{FAD18436-B3CE-42ED-A634-BE3A59F25A53}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{8F09F6BC-E6DA-41A6-87B3-F8D5B8EF6689}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{9774F081-7F76-486C-A774-1D309FB62872}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{B768B6CA-FC60-46C9-A968-494C60F22DA0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution "{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Obsługa programów Apple "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Polish "{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour 
"{ED3A19B5-716E-4069-8168-2BDE5E7F91BA}" = ESET Smart Security "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Pakiet sterowników systemu Windows - Nokia Modem (11/03/2006 6.82.0.1) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "ATI Display Driver" = ATI Display Driver "CCleaner" = CCleaner "conduitEngine" = Conduit Engine "EF Process Manager" = EF Process Manager "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers. "KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "Mozilla Firefox 4.0 (x86 pl)" = Mozilla Firefox 4.0 (x86 pl) "Nokia PC Suite" = Nokia PC Suite "PK-PCSU_is1" = Przyspiesz Komputer "RealAlt_is1" = Real Alternative 2.0.2 "Softonic-Polska Toolbar" = Softonic-Polska Toolbar "SpyShelter_is1" = SpyShelter Premium 6.1 "Trojan Remover_is1" = Trojan Remover 6.8.4 "uTorrent" = µTorrent "uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar "Vit Registry Fix" = Vit Registry Fix 9.5.8 (remove only) "Winamp" = Winamp "Word8.0" = Microsoft Word 97 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2012-09-09 15:53:08 | Computer Name = user-Komputer | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 2012-09-09 15:53:08 | Computer Name = user-Komputer | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 2012-09-09 15:53:08 | Computer Name = user-Komputer | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! 
mDNS_busy (1) != mDNS_reentrancy (0) Error - 2012-09-09 17:11:05 | Computer Name = user-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2012-09-09 17:11:06 | Computer Name = user-Komputer | Source = PerfNet | ID = 2004 Description = Error - 2012-09-09 17:11:06 | Computer Name = user-Komputer | Source = PerfNet | ID = 2002 Description = Error - 2012-09-10 14:40:20 | Computer Name = user-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2012-09-10 14:40:20 | Computer Name = user-Komputer | Source = PerfNet | ID = 2004 Description = Error - 2012-09-10 14:40:20 | Computer Name = user-Komputer | Source = PerfNet | ID = 2002 Description = Error - 2012-09-10 16:04:47 | Computer Name = user-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary DrWeb Protection. System Error: Nie można odnaleźć określonego pliku. . [ Media Center Events ] Error - 2012-08-02 16:46:42 | Computer Name = user-Komputer | Source = MCUpdate | ID = 0 Description = 22:46:42 - Błąd podczas nawiązywania połączenia z Internetem. 22:46:42 - Nie można skontaktować się z serwerem.. Error - 2012-08-02 16:47:20 | Computer Name = user-Komputer | Source = MCUpdate | ID = 0 Description = 22:47:11 - Błąd podczas nawiązywania połączenia z Internetem. 22:47:11 - Nie można skontaktować się z serwerem.. Error - 2012-08-27 14:53:11 | Computer Name = user-Komputer | Source = MCUpdate | ID = 0 Description = 20:53:05 - Błąd podczas nawiązywania połączenia z Internetem. 20:53:10 - Nie można skontaktować się z serwerem.. Error - 2012-08-27 14:55:11 | Computer Name = user-Komputer | Source = MCUpdate | ID = 0 Description = 20:53:20 - Błąd podczas nawiązywania połączenia z Internetem. 20:53:20 - Nie można skontaktować się z serwerem.. 
[ System Events ] Error - 2012-02-28 04:13:28 | Computer Name = user-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa raportowania błędów systemu Windows. Error - 2012-02-28 04:13:58 | Computer Name = user-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa raportowania błędów systemu Windows. Error - 2012-02-29 12:43:15 | Computer Name = user-Komputer | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2012-03-01 03:42:12 | Computer Name = user-Komputer | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2012-03-02 16:53:55 | Computer Name = user-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa raportowania błędów systemu Windows. Error - 2012-03-05 15:20:05 | Computer Name = user-Komputer | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2012-03-06 09:44:07 | Computer Name = user-Komputer | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2012-03-07 12:53:18 | Computer Name = user-Komputer | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2012-03-08 08:31:50 | Computer Name = user-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Usługa raportowania błędów systemu Windows. Error - 2012-03-08 08:33:17 | Computer Name = user-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Windows Update zakończyła działanie; wystąpił następujący błąd: %%-2147024877 < End of report >