
Blue screens + attempted GMER scan



Hello,

I am asking for help with a blue screen problem. In the last 15 minutes there have already been two, with different codes, but they disappeared so quickly that I did not manage to write them down. Windows displayed solutions; as the first one I was to check the disks for damage - I scanned both, and no damage was found. The next step was to be an antivirus scan. Having learned from experience, I came here and generated a log from an OTL scan. When I try to run a GMER scan, a message pops up during scanning saying that Windows has to end this process. I don't know what to do to get a full log, or whether OTL will already say something about what is going on.

I don't know whether this is a matter of hardware, software, drivers or some infection. I would very much appreciate help in diagnosing, or at least ruling out, an infection.

In addition, the computer has recently been hanging strangely on some websites.

I am attaching the OTL and Extras logs. If there is some way to do a GMER scan, please advise, and likewise if I should use a different tool.

Regards,

paquerette

P.S. I am pasting it below, because for some unknown reason I cannot save the file. Sorry.

OTL logfile created on: 2012-01-20 17:53:20 - Run 7

OTL by OldTimer - Version 3.0.10.0 Folder = D:\Instalki\AntyWiry

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,01% Memory free

4,00 Gb Paging File | 2,97 Gb Available in Paging File | 74,14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,44 Gb Total Space | 62,37 Gb Free Space | 53,57% Space Free | Partition Type: NTFS

Drive D: | 106,68 Gb Total Space | 54,09 Gb Free Space | 50,71% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KAROLINA-PC

Current User Name: Karolina

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2008-09-16 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2007-12-26 22:38:40 | 00,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe

PRC - [2007-05-18 10:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2007-10-03 05:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2007-08-08 08:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2011-11-28 19:01:23 | 00,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2008-10-29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2007-10-17 00:24:32 | 00,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe

PRC - [2007-09-26 19:24:12 | 00,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

PRC - [2007-07-06 00:53:44 | 01,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe

PRC - [2007-11-13 18:17:14 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2007-09-01 01:38:12 | 00,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2005-07-06 23:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

PRC - [2007-12-26 22:38:32 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2007-08-08 19:03:42 | 02,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007-08-15 19:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe

PRC - [2007-08-15 19:38:30 | 00,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe

PRC - [2007-04-20 08:01:44 | 00,172,032 | ---- | M] (Bruker Daltonik GmbH) -- C:\Program Files\Common Files\Bruker Daltonik\NTDS\bin\DCOMLibraryService.exe

PRC - [2009-02-02 13:18:06 | 00,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\FinAutoLogOff.exe

PRC - [2009-02-03 11:15:46 | 00,065,536 | ---- | M] (Thermo Electron Corporation) -- C:\Xcalibur\system\programs\finSS_Server.exe

PRC - [2009-02-02 13:18:20 | 00,040,960 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\CFRDBService.exe

PRC - [2009-02-02 13:18:10 | 00,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\ThermoFisher.Foundation.Auditing.FinSecurityService.exe

PRC - [2008-06-09 18:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2006-11-02 13:35:27 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqsvc.exe

PRC - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2007-08-03 20:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2009-12-23 22:34:20 | 00,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

PRC - [2008-01-21 03:25:19 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqtgsvc.exe

PRC - [2009-03-03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe

PRC - [2008-01-21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007-08-28 04:48:39 | 00,655,360 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2008-07-19 03:52:16 | 00,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2007-09-03 11:39:21 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007-10-18 03:04:00 | 07,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008-02-01 22:29:32 | 00,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2008-01-21 03:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

PRC - [2007-12-06 11:12:43 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2008-08-30 08:12:13 | 00,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe

PRC - [2011-11-28 19:01:24 | 03,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2008-01-21 03:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe

PRC - [2008-01-21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

PRC - [2008-01-21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2008-01-21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

PRC - [2008-01-21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe

PRC - [2007-12-06 11:12:57 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

PRC - [2011-12-09 18:14:25 | 00,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2006-10-27 14:23:04 | 00,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

PRC - [2009-07-23 16:50:43 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\Instalki\AntyWiry\OTL.exe

 

========== Win32 Services (SafeList) ==========

 

SRV - [2007-05-18 10:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService [Auto | Running])

SRV - [2007-10-03 05:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService [Auto | Running])

SRV - [2007-08-08 08:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv [Auto | Running])

SRV - [2011-11-28 19:01:23 | 00,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus [Auto | Running])

SRV - [2008-07-27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Disabled | Stopped])

SRV - [2010-03-18 12:16:28 | 00,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32 [Auto | Stopped])

SRV - [2007-04-20 08:01:44 | 00,172,032 | ---- | M] (Bruker Daltonik GmbH) -- C:\Program Files\Common Files\Bruker Daltonik\NTDS\bin\DCOMLibraryService.exe -- (DCOMLibraryService [Auto | Running])

SRV - [2008-01-21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2006-11-02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2006-11-02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])

SRV - [2008-01-21 03:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])

SRV - [2009-02-02 13:18:06 | 00,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\FinAutoLogOff.exe -- (Finnigan Auto Log Off [Auto | Running])

SRV - [2009-02-03 11:15:46 | 00,065,536 | ---- | M] (Thermo Electron Corporation) -- C:\Xcalibur\system\programs\finSS_Server.exe -- (Finnigan Security Server [Auto | Running])

SRV - [2009-02-02 13:18:20 | 00,040,960 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\CFRDBService.exe -- (FinniganDatabaseService [Auto | Running])

SRV - [2009-02-02 13:18:10 | 00,024,576 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\ThermoFisher.Foundation.Auditing.FinSecurityService.exe -- (FinniganSecurityService [Auto | Running])

SRV - [2009-05-03 18:31:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2008-06-20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2010-11-02 20:51:13 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])

SRV - [2010-11-02 20:51:13 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem [On_Demand | Stopped])

SRV - [2008-11-20 20:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008-06-20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008-06-09 18:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2006-11-02 13:35:27 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqsvc.exe -- (MSMQ [Auto | Running])

SRV - [2008-01-21 03:25:19 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])

SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])

SRV - [2008-06-20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])

SRV - [2008-09-16 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])

SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])

SRV - [2009-03-04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

SRV - [2007-08-03 20:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr [Auto | Running])

SRV - [2009-12-23 22:34:20 | 00,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])

SRV - [2009-02-02 13:19:06 | 00,019,456 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\ThermoFisher.Foundation.AcquisitionMonitor.exe -- (Thermo.Foundation.Acquisition.Service.Monitor [Auto | Stopped])

SRV - [2009-02-02 13:19:26 | 00,192,512 | ---- | M] (Thermo Fisher Scientific Inc.) -- C:\Program Files\Thermo\Foundation\ThermoFisher.Foundation.AcquisitionService.exe -- (ThermoFisher.Foundation.AcquisitionService [Auto | Stopped])

SRV - [2008-01-21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])

SRV - [2008-01-21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

SRV - [2010-03-18 12:16:28 | 00,753,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400 [On_Demand | Stopped])

 

========== Driver Services (SafeList) ==========

 

DRV - [2004-09-01 13:56:26 | 00,010,605 | R--- | M] () -- C:\Windows\System32\DRIVERS\Acqir500.sys -- (Acqir500 [Auto | Stopped])

DRV - [2008-01-21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

DRV - [2008-01-21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

DRV - [2008-01-21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

DRV - [2008-01-21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

DRV - [2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

DRV - [2008-01-21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

DRV - [2008-01-21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])

DRV - [2008-01-21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

DRV - [2007-08-11 04:19:26 | 00,029,752 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm [boot | Running])

DRV - [2007-07-24 19:09:04 | 00,013,880 | ---- | M] () -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP [Auto | Running])

DRV - [2011-11-28 18:51:50 | 00,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2011-11-28 18:52:07 | 00,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])

DRV - [2011-11-28 18:52:19 | 00,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [system | Running])

DRV - [2011-11-28 18:53:53 | 00,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx [system | Running])

DRV - [2011-11-28 18:53:35 | 00,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2011-11-28 18:52:16 | 00,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2007-10-31 12:55:59 | 00,046,592 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\l160x86.sys -- (AtcL001 [On_Demand | Running])

DRV - [2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])

DRV - [2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])

DRV - [2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])

DRV - [2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2008-08-30 08:01:42 | 00,012,800 | ---- | M] (CSR, plc) -- C:\Windows\System32\DRIVERS\BthAvrcp.sys -- (BthAvrcp [On_Demand | Stopped])

DRV - [2008-01-21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

DRV - [2008-01-21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

DRV - [2008-01-21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

DRV - [2007-08-03 05:26:21 | 00,020,936 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio [Auto | Running])

DRV - [1996-04-03 20:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\system32\giveio.sys -- (giveio [boot | Running])

DRV - [2009-02-01 12:28:39 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])

DRV - [2008-01-21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])

DRV - [2007-09-29 16:03:11 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [boot | Running])

DRV - [2008-01-21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])

DRV - [2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

DRV - [2007-09-05 10:36:25 | 01,953,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

DRV - [2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

DRV - [2007-01-24 11:08:39 | 00,005,632 | ---- | M] ( ) -- C:\Windows\System32\DRIVERS\kbfiltr.sys -- (kbfiltr [On_Demand | Running])

DRV - [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

DRV - [2008-01-21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

DRV - [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

DRV - [2007-09-26 23:03:42 | 00,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby [boot | Running])

DRV - [2005-01-19 11:11:16 | 00,022,016 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])

DRV - [2008-01-21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

DRV - [2008-01-21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])

DRV - [2008-01-21 03:23:26 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

DRV - [2008-01-21 03:25:19 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mqac.sys -- (MQAC [On_Demand | Running])

DRV - [2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])

DRV - [2006-12-14 08:11:57 | 00,007,680 | ---- | M] (ATK0100) -- C:\Windows\System32\DRIVERS\ATKACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-01-21 03:23:20 | 02,225,664 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])

DRV - [2007-06-20 21:51:27 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])

DRV - [2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

DRV - [2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

DRV - [2008-09-16 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

DRV - [2008-01-21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

DRV - [2008-01-21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

DRV - [2005-01-19 11:14:38 | 00,211,712 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])

DRV - [2008-01-21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

DRV - [2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

DRV - [2007-08-08 13:42:07 | 00,045,568 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])

DRV - [2007-07-30 03:42:57 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])

DRV - [2007-07-30 04:54:01 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])

DRV - [2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2008-01-21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

DRV - [2007-08-28 04:53:47 | 01,019,136 | ---- | M] (Motorola Inc.) -- C:\Windows\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])

DRV - [2007-10-01 07:59:45 | 01,769,984 | ---- | M] () -- C:\Windows\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])

DRV - [2006-09-24 14:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\system32\speedfan.sys -- (speedfan [boot | Running])

DRV - [2011-05-14 15:53:15 | 00,436,792 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009-09-28 20:57:28 | 00,007,168 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [On_Demand | Stopped])

DRV - [2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

DRV - [2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

DRV - [2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

DRV - [2007-12-06 11:12:47 | 00,196,400 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2008-01-21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

DRV - [2008-01-21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

DRV - [2008-01-21 03:23:27 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

DRV - [2008-01-21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

DRV - [2008-01-21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

DRV - [2006-11-02 08:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\S-1-5-21-2661777860-2742724884-1657798953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-04 10:02:03 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-12-25 11:08:48 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-20 17:19:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-14 13:32:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-01-16 19:39:05 | 00,000,000 | ---D | M]

 

[2012-01-14 13:32:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-10-01 17:51:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-08-24 21:23:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-24 21:23:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-08-24 21:23:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2011-12-14 10:45:24 | 00,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2009-08-24 20:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-08-24 20:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-08-24 20:19:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-08-24 20:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-08-24 20:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-08-24 20:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-08-24 20:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE ()

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-2661777860-2742724884-1657798953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010-08-02 17:56:24 | 00,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-08-02 17:56:24 | 00,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-10-16 10:16:59 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\My IQ Reports

[2013-10-16 10:16:12 | 00,000,296 | ---- | C] () -- C:\Windows\win.ini

[2013-10-16 10:15:26 | 00,000,000 | ---- | C] () -- C:\Windows\OtofControl.INI

[2013-10-16 10:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bruker Daltonik

[2013-10-16 10:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\Bruker Daltonik

[2013-10-16 10:13:39 | 00,000,000 | ---D | C] -- C:\BDalSystemData

[2012-01-16 19:54:01 | 00,144,137 | ---- | C] () -- C:\Users\Karolina\Documents\Fam.vers.L.Radzisz.2.pdf

[2012-01-16 19:40:10 | 00,066,273 | ---- | C] () -- C:\Users\Karolina\Documents\Fam.vers.L.Radzisz..pdf

[2012-01-16 19:39:13 | 00,000,959 | ---- | C] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk

[2012-01-14 12:19:42 | 00,169,013 | ---- | C] () -- C:\Windows\hpoins27.dat.temp

[2012-01-14 12:19:42 | 00,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp

[2012-01-14 11:20:55 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2009-10-11 10:30:59 | 00,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2009-03-10 15:41:03 | 00,000,072 | ---- | C] () -- C:\Windows\inicsps1.ini

[2009-01-23 19:23:49 | 00,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini

[2009-01-01 14:39:28 | 00,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll

[2008-10-04 17:05:46 | 00,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll

[2008-10-01 12:34:32 | 00,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008-08-30 08:12:19 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll

[2008-04-18 00:45:31 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2007-10-01 07:59:45 | 01,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007-05-09 08:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2007-01-24 11:08:39 | 00,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[2006-11-02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-03-09 02:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005-01-19 09:30:54 | 00,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2004-09-01 13:56:26 | 00,010,605 | R--- | C] () -- C:\Windows\System32\drivers\Acqir500.sys

[1996-04-03 20:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\Windows\System32\*.tmp files]

[2013-10-16 10:15:26 | 00,000,000 | ---- | M] () -- C:\Windows\OtofControl.INI

[2012-01-20 17:32:47 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2012-01-20 17:30:38 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012-01-20 17:29:21 | 00,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-01-20 17:29:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2012-01-20 17:29:11 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-01-20 17:29:10 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-01-20 17:29:05 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012-01-20 17:29:01 | 21,466,89024 | -HS- | M] () -- C:\hiberfil.sys

[2012-01-20 17:21:46 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012-01-20 17:19:49 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012-01-20 16:26:00 | 00,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-01-19 18:49:37 | 00,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2012-01-19 18:49:36 | 01,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2012-01-19 18:49:36 | 00,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-01-19 18:49:36 | 00,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2012-01-19 18:49:36 | 00,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-01-18 16:31:23 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012-01-16 20:50:34 | 00,144,137 | ---- | M] () -- C:\Users\Karolina\Documents\Fam.vers.L.Radzisz.2.pdf

[2012-01-16 19:40:20 | 00,066,273 | ---- | M] () -- C:\Users\Karolina\Documents\Fam.vers.L.Radzisz..pdf

[2012-01-16 19:39:13 | 00,000,959 | ---- | M] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk

[2012-01-14 12:29:47 | 00,169,013 | ---- | M] () -- C:\Windows\hpoins27.dat.temp

[2012-01-12 03:02:31 | 52,128,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2012-01-08 11:47:13 | 00,000,584 | ---- | M] () -- C:\Users\Karolina\Documents\grstyles.stl

[2012-01-07 12:27:52 | 00,000,010 | ---- | M] () -- C:\Users\Karolina\Documents\LastLab.sk

 

========== LOP Check ==========

 

[2012-01-20 17:29:21 | 00,001,036 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012-01-20 16:26:00 | 00,001,040 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012-01-20 17:29:16 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2012-01-20 17:21:46 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009-06-09 06:52:55 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7DFFA72F-ADB8-47A9-9466-49CEACAB90FC}.job

 

========== Purity Check ==========

 

 

< End of report >

OTL Extras logfile created on: 2012-01-20 17:53:20 - Run 7

OTL by OldTimer - Version 3.0.10.0 Folder = D:\Instalki\AntyWiry

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,01% Memory free

4,00 Gb Paging File | 2,97 Gb Available in Paging File | 74,14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,44 Gb Total Space | 62,37 Gb Free Space | 53,57% Space Free | Partition Type: NTFS

Drive D: | 106,68 Gb Total Space | 54,09 Gb Free Space | 50,71% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KAROLINA-PC

Current User Name: Karolina

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*"

.scr [@ = RasWin.Script] -- C:\Program Files\RasWin\RasWin.exe ()

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{112A7F79-505E-4FBC-A6AE-60065A3929E1}" = lport=138 | protocol=17 | dir=in | app=system |

"{225866BC-CCB2-452F-9FB7-02144D16FC1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{35CC9FF7-FBD5-4E6B-89FA-5A0A9219B5B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3A128385-65B3-45D9-96EB-C5CE1757FE00}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{44DF0082-AB7D-4CDE-AEF0-7487083B0181}" = rport=139 | protocol=6 | dir=out | app=system |

"{5701912E-DAB2-4FC4-B821-F16AFCFBE321}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5F4DA88C-F40D-442F-AB6C-C70E90A6FF41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{63097797-AC90-4E2A-9ACB-93BC1AD02F32}" = rport=137 | protocol=17 | dir=out | app=system |

"{6D70BC97-77F8-469A-A11C-986729887350}" = lport=139 | protocol=6 | dir=in | app=system |

"{9414EF11-8DFF-42B8-BF8A-811BD2C66D34}" = rport=445 | protocol=6 | dir=out | app=system |

"{9F7925D6-63BD-4B19-BCB0-D4BCFB24B864}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{AB1AD789-4631-44BE-8F82-1DC8F18ADBD1}" = lport=137 | protocol=17 | dir=in | app=system |

"{B70B789D-5104-48D5-A3C7-2E5BC48A04A3}" = lport=445 | protocol=6 | dir=in | app=system |

"{C006079F-BC93-4673-9EA8-CB878F6FBBC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CD18ED85-31B7-4EDC-949F-2695FB7F5D0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{E929EBA9-0C67-4C85-B05A-F4B62DF5DF22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{ECDA74C9-E858-40FB-92C2-46044E48674B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F25802D8-0AFA-425E-B6B1-E9E6B4BA969A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FDAD1F32-41A9-428E-A1E5-365DCB0FA78C}" = rport=138 | protocol=17 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00395C75-C4C7-439E-84C0-A2DBC5380F42}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{0291F08A-16F8-4CFA-B14A-707E63D57002}" = protocol=17 | dir=in | app=c:\thermo\instruments\ltq\system\programs\ltqbridge.exe |

"{10ADD7D1-4BDF-4DBD-8CCD-5445B3C63102}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{138CD5CC-3425-4661-8C92-85F7498BB1BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{16202B1A-DD70-4E57-8822-F3F7DC226652}" = protocol=6 | dir=in | app=c:\xcalibur\system\programs\homepage.exe |

"{1D1FFA07-674F-4503-9259-79218A7DB234}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2404DF99-80D4-43DE-960A-CC456063112F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{45836098-2ED9-475E-BFA2-CABD26203C66}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{5069EC5A-F0F4-42A1-A1B3-BEF7854ED818}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |

"{66FE460C-F2B9-4185-936B-31BB401EE26E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{7508BCC2-140A-4B2C-BC81-BF7DDB1BCC15}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{7AC89A6D-E98D-4BCD-9513-A79CD6E655B8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{9148DDA6-9F93-4237-95CE-704171D72813}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{9242D2CF-FC00-4B0B-8AB0-4EF698168C7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{A7EC534B-51DE-4A60-9144-3FE18B4113E0}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |

"{C8BA968C-0335-4124-A656-EE1C67570B92}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{D0B9F564-C88F-4D0A-8C26-981BE52131D1}" = protocol=17 | dir=in | app=c:\xcalibur\system\programs\homepage.exe |

"{DF48E265-3710-479C-82FA-8D9619EBFF2D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{E818D33F-A4B6-4818-92B6-684E172747E1}" = protocol=6 | dir=in | app=c:\thermo\instruments\ltq\system\programs\ltqbridge.exe |

"{F7771C67-F869-431D-8950-E5ADA87FDB4A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"TCP Query User{02621004-4D51-4EAD-96FB-AE1D6AB36DD4}C:\program files\commandos ii\comm2.exe" = protocol=6 | dir=in | app=c:\program files\commandos ii\comm2.exe |

"TCP Query User{1992E558-8326-42DB-A997-28D43EC354C2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"TCP Query User{20A18DDD-5FC8-4FDA-B268-B07D907A49CC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |

"TCP Query User{22970BDA-28FF-4E7A-AD04-B7DB728F4ABE}C:\program files\electronic arts\need for speed carbon\nfsc.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed carbon\nfsc.exe |

"TCP Query User{2C044B8C-7AFB-445E-86C4-84D50124932A}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |

"TCP Query User{2C5BFCC1-FB64-413E-BECB-DBDB7543896C}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |

"TCP Query User{6FCE5A9A-D53E-4073-BB18-B0BA49A3A510}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |

"TCP Query User{843F8354-2750-4AB7-B16F-1C327D5128D4}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"TCP Query User{96537454-40B0-4952-9F97-DCDCB5F617D3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{A763D433-E30E-4C6E-9AAD-D239BEB38561}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{AE8EDF97-76E6-40FF-9B5D-6D2685F00727}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{B2866427-CFAE-413A-BE50-948D0AF1CA72}C:\program files\commandos ii\comm2.exe" = protocol=6 | dir=in | app=c:\program files\commandos ii\comm2.exe |

"TCP Query User{C665B430-F073-4367-953F-779AF65CCC0D}C:\thermo\instruments\ltq\system\programs\ltqbridge.exe" = protocol=6 | dir=in | app=c:\thermo\instruments\ltq\system\programs\ltqbridge.exe |

"UDP Query User{0E78FDEB-96FE-420C-A415-13EAAF649E2A}C:\program files\commandos ii\comm2.exe" = protocol=17 | dir=in | app=c:\program files\commandos ii\comm2.exe |

"UDP Query User{134C8CF2-1951-44FD-9033-76E4240B1630}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"UDP Query User{1EFE66AA-8D37-4007-B166-AB9CCCC5CC64}C:\program files\commandos ii\comm2.exe" = protocol=17 | dir=in | app=c:\program files\commandos ii\comm2.exe |

"UDP Query User{325B8722-8799-436E-9E96-AF5110FA041D}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |

"UDP Query User{3E3EC660-2FC3-41AD-BADE-809F7BAA6DE0}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{43C299B1-C922-44F7-9B80-2AF10E8E070D}C:\thermo\instruments\ltq\system\programs\ltqbridge.exe" = protocol=17 | dir=in | app=c:\thermo\instruments\ltq\system\programs\ltqbridge.exe |

"UDP Query User{474E51A6-FFBC-40A4-877D-CF3A447C8390}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |

"UDP Query User{58353C55-A566-4396-820D-63BDE8F3B8A2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{7D746E19-FAA8-4BEB-9DF3-A361A1D6F900}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |

"UDP Query User{876EBB73-60B4-4389-8E34-F826DA7AD676}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

"UDP Query User{98E71932-D568-4E0E-A242-602EF1305E92}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{9CD7111D-9709-4907-B6EA-86391574C324}C:\program files\electronic arts\need for speed carbon\nfsc.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed carbon\nfsc.exe |

"UDP Query User{9E44518C-C5C1-4113-96C8-EF80722C78F5}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{174EDCA9-85F3-4B77-8B52-8839002CED4D}" = FTInstaller_Release_2.1

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{2295CC76-4555-43B2-9327-882783023A63}" = Origin8

"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect

"{23BD9C89-FBBE-4C87-98D1-85ED59F5AB41}" = Thermo Xcalibur

"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{343AB4F2-F1EF-4FF9-B0E6-CAAB680286A6}" = G Data LNK-Checker

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Zwierzaki

"{4DEAC5AB-B447-4495-8290-783AAE9993D4}" = Thermo Xcalibur

"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones

"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{5885D6DC-E2D5-4FB1-87E2-73ACD2FDF78D}" = Thermo Foundation 1.0

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00B4-0415-0000-0000000FF1CE}" = Microsoft Office Project MUI (Polish) 2007

"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007

"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk

"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish

"{ADDD6985-3A28-44D0-A1BA-FDD19A820491}" = SnagIt 9

"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BDA1AA22-0231-1000-8123-00E081205B98}" = Bruker Daltonics micrOTOF Instruments Family 2.2 Build 23

"{BDA1B131-0036-1000-8123-00E081205B98}" = Bruker Daltonics BioTools 3.1

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C64F5E33-DC3B-4FDF-820E-8E66A765CD11}" = LTQ Orbitrap Velos Mass Spectrometer Installation

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt

"{F0879461-3654-49D8-864E-DB2E92A3F614}" = Thermo Foundation 1.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl

"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"ACDLabs in C__ACDFREE10_" = ACD/Labs Software in C:\ACDFREE10\

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner (remove only)

"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Pakiet sterowników systemu Windows - Nokia Modem (02/24/2009 4.0)

"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Pakiet sterowników systemu Windows - Nokia Modem (02/23/2009 7.01.0.2)

"English Grammar in Use" = English Grammar in Use

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Gadu-Gadu" = Gadu-Gadu 7.7

"Google Chrome" = Google Chrome

"GPMAW version 9.02" = GPMAW version 9.02

"HP-LaserJet 1018" = LaserJet 1018

"InstallShield_{174EDCA9-85F3-4B77-8B52-8839002CED4D}" = FTInstaller_Release_2.1

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack

"Local Port Scanner_is1" = Local Port Scanner v1.2.2

"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"Nokia PC Suite" = Nokia PC Suite

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"NVIDIA Drivers" = NVIDIA Drivers

"Opera 11.60.1185" = Opera 11.60

"Picasa 3" = Picasa 3

"PRJSTDR" = Microsoft Office Project Standard 2007

"PROPLUS" = Microsoft Office Professional Plus 2007

"RasWin" = RasWin (remove only)

"RealAlt_is1" = Real Alternative 1.9.0

"Shop for HP Supplies" = Shop for HP Supplies

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"SpeedFan" = SpeedFan (remove only)

"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch

"SubEdit-Player_is1" = SubEdit-Player

"SuperMemo UX - Angielski. No problem!+ 2" = SuperMemo UX - Angielski. No problem!+ 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Totalcmd" = Total Commander (Remove or Repair)

"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

"Usbfix" = Usbfix By C_XX & El Desaparecido

"Winamp" = Winamp

"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox

"WinGimp-2.0_is1" = GIMP 2.6.0

"WinRAR archiver" = Archiwizator WinRAR

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-11-21 11:59:30 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-21 14:43:22 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-22 13:11:09 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-22 15:25:05 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-23 14:06:19 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-24 16:15:43 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-25 13:54:47 | Computer Name = Karolina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 2010-11-25 13:56:47 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-25 13:56:53 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 2010-11-25 14:25:29 | Computer Name = Karolina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

[ OSession Events ]

Error - 2011-08-18 02:17:16 | Computer Name = Karolina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 4659 seconds with 1260 seconds of active time. This session ended with a

crash.

 

Error - 2011-08-18 02:17:53 | Computer Name = Karolina-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 2012-01-20 12:17:40 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7038

Description =

 

Error - 2012-01-20 12:17:40 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2012-01-20 12:19:23 | Computer Name = Karolina-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 2012-01-20 12:29:17 | Computer Name = Karolina-PC | Source = HTTP | ID = 15016

Description =

 

Error - 2012-01-20 12:29:47 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2012-01-20 12:29:47 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7038

Description =

 

Error - 2012-01-20 12:29:47 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2012-01-20 12:29:48 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7038

Description =

 

Error - 2012-01-20 12:29:48 | Computer Name = Karolina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2012-01-20 12:32:57 | Computer Name = Karolina-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

 

< End of report >

When I try to run a GMER scan, a message pops up during the scan saying that Windows has to terminate the process. I don't know what to do to get a full log, or whether OTL will already say something about what is going on.

 

You are using an outdated OTL 3.0.10.0 = the current version is 3.2.31.0. The tool should always be downloaded afresh (fixes / new commands etc.). OTL says nothing (no traces of infection) + it is not reliable enough for an assessment. The system has not been prepared for running GMER at all; Alcohol and its SPTD emulation driver are active:

 

DRV - [2011-05-14 15:53:15 | 00,436,792 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])

 

SRV - [2009-12-23 22:34:20 | 00,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])

 

Follow the steps from the announcement for uninstalling Alcohol + eliminating SPTD with the SPTDinst tool + restart: CLICK. If GMER is still unhappy after that, check what Kaspersky TDSSKiller says. In case of any detections: do not remove anything, set "Skip" everywhere.

 

 

I am asking for help with a blue screen problem. In the last 15 minutes there have already been two, with different codes, but they disappeared so quickly that I did not manage to write them down. Windows displayed solutions; first I was to check the disks for damage - I scanned both, no damage was found.

 

The message about "damage" is a standard one. Run the diagnostics from point 5, i.e. the analysis of the DMP files (if there are any): CLICK

 

 

 

 

Edited by picasso
20.02.2012 - The topic is being closed due to lack of response. //picasso
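The two checks the reply above makes by eye (OTL version against the one named as current, and a running SPTD / StarWind entry before a GMER scan) can be run over an OTL log automatically. This is an added example, not part of the original thread or of OTL itself; the function names, the name set and the line pattern (inferred from the two entries quoted in the reply) are assumptions.

```python
import re

# Constructed sample: the OTL header line and the two entries quoted in the thread.
SAMPLE_LOG = r"""OTL by OldTimer - Version 3.0.10.0 Folder = D:\Instalki\AntyWiry
DRV - [2011-05-14 15:53:15 | 00,436,792 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])
SRV - [2009-12-23 22:34:20 | 00,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
"""

CURRENT_OTL = (3, 2, 31, 0)                      # version the reply names as current
EMULATION_NAMES = {"sptd", "starwindserviceae"}  # assumption: only the two entries flagged in the reply

# kind - [timestamp | size | attributes | flag] (vendor) -- path -- (name [start | state])
ENTRY = re.compile(
    r"^(?P<kind>DRV|SRV) - \[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|[^|]*\|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+?) -- "
    r"\((?P<name>\S+) \[(?P<start>[^|]+)\|(?P<state>[^\]]+)\]\)\s*$"
)
VERSION = re.compile(r"^OTL by OldTimer - Version (\d+(?:\.\d+)*)")

def otl_version(log):
    """Return the OTL version from the log header as a tuple of ints, or None."""
    for line in log.splitlines():
        m = VERSION.match(line.strip())
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def parse_entries(log):
    """Parse DRV/SRV lines into dicts; lines that do not fit the pattern are skipped."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [{k: v.strip() for k, v in m.groupdict().items()} for m in found if m]

def pre_gmer_findings(log):
    """List what should be dealt with before a GMER scan is attempted."""
    findings = []
    ver = otl_version(log)
    if ver is not None and ver < CURRENT_OTL:
        findings.append("outdated OTL " + ".".join(map(str, ver)))
    for e in parse_entries(log):
        # Only entries that are actually loaded matter for the scan.
        if e["state"].lower() == "running" and e["name"].lower() in EMULATION_NAMES:
            findings.append(f"{e['kind']} {e['name']} running ({e['start']} start): {e['path']}")
    return findings

if __name__ == "__main__":
    for finding in pre_gmer_findings(SAMPLE_LOG):
        print(finding)
```
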