
Win32:SalityCode ~~ Help


16 replies in this topic

#1 OFFLINE   Swirusek

  • User
  • 9 posts
0
Neutral

Posted 20 August 2013 - 20:40

What should I do? Some kind of logs? From what, I have no idea.

Avast started going crazy today: first it blocked 29 files, and then something turned it off.

I read around on forums and downloaded SalityKiller and I am scanning with it, but I don't know if that's right, because it detected this virus in it too.

Please reply quickly with instructions on what to do.


  • 0




#2 OFFLINE   Natsuki Kuga

  • Moderator
  • 1779 posts
290
Excellent

Posted 20 August 2013 - 22:03

Read this topic and, if possible, generate a log with OTL: http://www.forumpc.p...ow-systemowych/ It's good to know where we stand.


  • 1

Why it's not worth using IObit's programs: http://shanegowland....-sucky-company/

I may not always have time to help. Have I not replied in your topic for more than 72 hours? Send me a PM.


#3 OFFLINE   Swirusek

  • Topic author
  • User
  • 9 posts
0
Neutral

Posted 21 August 2013 - 05:48

otl.txt

OTL logfile created on: 2013-08-21 06:38:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\SZYMAN\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 73,92% Memory free
4,85 Gb Paging File | 4,21 Gb Available in Paging File | 86,91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 58,62 Gb Free Space | 75,03% Space Free | Partition Type: NTFS
Drive D: | 75,25 Gb Total Space | 52,89 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: SZYMAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-08-21 06:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SZYMAN\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2013-08-20 21:44:03 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2013-08-20 21:41:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2013-07-25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-06-29 13:50:22 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- D:\programs\hamahi\hamachi-2.exe
PRC - [2013-05-22 14:48:40 | 000,740,712 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Search Protection\SearchProtection.exe
PRC - [2013-05-15 15:20:24 | 000,747,096 | ---- | M] (Bitdefender) -- C:\Program Files\Common Files\Bitdefender\setupinformation\downloader\setupdownloader.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-01-05 05:43:57 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-05-15 18:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-08-20 21:44:03 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2013-08-20 21:41:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
MOD - [2013-07-25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013-07-25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013-07-25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013-07-10 14:57:34 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013-01-05 05:44:13 | 003,021,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-04-27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\setupinformation\downloader\bdmetrics.dll
MOD - [2008-04-14 22:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2013-07-10 14:57:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-29 13:50:22 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-06-28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\programs\hamahi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013-06-03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-01-05 05:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-05-15 18:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\fasfasf\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ojlgmn.sys -- (amsint32)
DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-04-24 16:28:52 | 010,252,672 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2005-05-25 18:55:58 | 003,134,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005-05-06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004-08-14 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089
IE - HKU\S-1-5-21-2025429265-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "delta-homes"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.96.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-05-20 15:20:53 | 000,000,000 | ---D | M]
 
[2013-05-20 15:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Mozilla\Extensions
[2013-08-18 18:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Mozilla\Firefox\Profiles\rnx29h1o.default\extensions
[2013-08-18 18:22:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Mozilla\Firefox\Profiles\rnx29h1o.default\extensions\battlefieldplay4free@ea.com
[2013-07-10 15:45:10 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Mozilla\Firefox\Profiles\rnx29h1o.default\searchplugins\yahoo.xml
[2013-05-20 15:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-01-05 05:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-01-05 17:46:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2013-07-10 15:45:10 | 000,000,787 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml
[2013-01-05 17:46:01 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2013-01-05 17:46:01 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2013-01-05 17:46:01 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2013-05-30 14:14:51 | 000,000,733 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2013-01-05 17:46:01 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-01-05 17:46:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search?q={searchTerms},
CHR - homepage: http://google.pl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\npBP4FUpdater.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Dokumenty Google = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Dragon Ball Z Goku = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dlddadblackokbbanbihkhhkgdodniee\1_0\
CHR - Extension: Stylish = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
CHR - Extension: Battlefield Play4Free = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Gmail = C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-08-20 22:19:00 | 000,000,025 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SZYMAN\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-2025429265-651377827-839522115-1003..\Run: [SearchProtection] C:\Documents and Settings\SZYMAN\Dane aplikacji\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-651377827-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-651377827-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\..Trusted Domains: freerealms.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\..Trusted Domains: soe.com ([]* in Zaufane witryny)
O15 - HKU\S-1-5-21-2025429265-651377827-839522115-1003\..Trusted Domains: sony.com ([]* in Zaufane witryny)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B31B83DC-DA2D-4FC2-AD24-26A4901E7A46}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-05-20 15:03:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-08-21 06:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-08-20 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Process Hacker 2
[2013-08-20 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013-08-20 20:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Kopia PokeDestiny
[2013-08-20 20:45:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013-08-20 20:45:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013-08-20 20:45:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013-08-20 20:45:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013-08-20 20:44:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-08-20 20:43:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\Narzędzia administracyjne
[2013-08-20 20:43:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SZYMAN\Moje dokumenty\Moje wideo
[2013-08-20 20:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013-08-19 19:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Spy++
[2013-08-19 18:11:42 | 020,791,627 | ---- | C] (DBMW Team) -- C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe
[2013-08-19 12:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Pokeing
[2013-08-19 12:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon-Sapphire-Client
[2013-08-18 20:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\DBL_1.89.7_test_v1.1
[2013-08-18 11:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Sony Online Entertainment
[2013-08-18 11:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\SCE
[2013-08-18 11:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013-08-17 22:55:21 | 000,015,227 | ---- | C] (Wookash) -- C:\Program Files\Common Files\logonInit.dll
[2013-08-17 12:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\APARAT
[2013-08-17 11:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\GituSpamerV2
[2013-08-16 18:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\.minecraft_pixelmon.pl
[2013-08-16 18:58:09 | 003,422,750 | ---- | C] (Pixelmon.pl Pokemon Serwer) -- C:\Documents and Settings\SZYMAN\Pulpit\Pixelmon.exe
[2013-08-16 18:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\PokemonOnline.v.1.6
[2013-08-16 18:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Pokes
[2013-08-16 16:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\AdvTOR INJECTION
[2013-08-15 16:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\DatEditor by Daemon
[2013-08-15 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Conquest Klient
[2013-08-14 11:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Asprate
[2013-08-14 11:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate
[2013-08-14 11:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Poke by Bolz v3
[2013-08-12 20:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\PunkBuster
[2013-08-12 20:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Moje dokumenty\Battlefield Play4Free
[2013-08-12 19:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\EA Games
[2013-08-12 17:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\PokeLife Client
[2013-08-12 14:59:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SZYMAN\Recent
[2013-08-12 14:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2013-08-12 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-08-11 11:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\poke dodac
[2013-08-10 18:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\Help
[2013-08-10 18:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Help
[2013-08-10 16:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Tasker
[2013-08-09 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\OTClient PokeXCath
[2013-08-09 19:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Game Booster 3
[2013-08-09 19:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-08-09 19:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013-08-09 17:31:03 | 009,211,736 | ---- | C] (Martin Prikryl) -- C:\Documents and Settings\SZYMAN\Pulpit\WinSCP.exe
[2013-08-09 16:32:27 | 000,495,616 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\SZYMAN\Pulpit\putty.exe
[2013-08-08 16:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Moje dokumenty\DeadIsland
[2013-08-08 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\Steam
[2013-08-08 16:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013-08-08 16:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013-08-08 16:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Steam
[2013-08-08 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013-08-08 16:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013-08-08 16:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013-08-08 16:05:32 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013-08-08 16:05:32 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013-08-08 16:05:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013-08-08 16:05:31 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013-08-08 16:05:30 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013-08-08 16:05:29 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013-08-08 16:05:29 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013-08-08 16:05:28 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2013-08-08 16:05:27 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013-08-08 16:05:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013-08-08 16:05:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013-08-08 16:05:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013-08-08 16:05:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013-08-08 16:05:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013-08-08 16:05:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013-08-08 16:05:24 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013-08-08 16:05:24 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013-08-08 16:05:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013-08-08 16:05:23 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013-08-08 16:05:22 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2013-08-08 16:05:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2013-08-08 16:05:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2013-08-08 16:05:21 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2013-08-08 16:05:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2013-08-08 16:05:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2013-08-08 16:05:19 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2013-08-08 16:05:19 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2013-08-08 16:05:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2013-08-08 16:05:18 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2013-08-08 16:05:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2013-08-08 16:05:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2013-08-08 16:05:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2013-08-08 16:05:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2013-08-08 16:05:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2013-08-08 16:05:14 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2013-08-08 16:05:14 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2013-08-08 16:05:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2013-08-08 16:05:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2013-08-08 16:05:11 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2013-08-08 16:05:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2013-08-08 16:05:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2013-08-08 16:05:10 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2013-08-08 16:05:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2013-08-08 16:05:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2013-08-08 16:05:08 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2013-08-08 16:05:08 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2013-08-08 16:05:08 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2013-08-08 16:05:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2013-08-08 16:05:06 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2013-08-08 16:05:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2013-08-08 16:05:05 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2013-08-08 16:05:05 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2013-08-08 16:05:04 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2013-08-08 16:05:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2013-08-08 16:05:03 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2013-08-08 16:05:02 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2013-08-08 16:05:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2013-08-08 16:05:02 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2013-08-08 16:05:02 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2013-08-08 16:05:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2013-08-08 16:05:01 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2013-08-08 16:04:59 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2013-08-08 16:04:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2013-08-08 16:04:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2013-08-08 16:04:54 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2013-08-08 16:04:54 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2013-08-08 16:04:53 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2013-08-08 16:04:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2013-08-08 16:04:52 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2013-08-08 16:04:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2013-08-08 16:04:52 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2013-08-08 16:04:51 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2013-08-08 16:04:51 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2013-08-08 16:04:51 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2013-08-08 16:04:50 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2013-08-08 16:04:50 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2013-08-08 16:04:41 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2013-08-08 16:04:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2013-08-08 16:04:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2013-08-08 16:04:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2013-08-08 16:04:38 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2013-08-08 16:04:38 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2013-08-08 16:04:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2013-08-08 16:04:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2013-08-08 16:04:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2013-08-08 16:04:35 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2013-08-08 09:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\VALVe
[2013-08-07 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\DBKH 4.0
[2013-08-07 13:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Desktop
[2013-08-06 12:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Counter-Strike 1.6
[2013-08-06 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\Earth's Special Forces
[2013-08-04 13:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Silnik DBKO source (8.0)
[2013-08-03 22:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB
[2013-08-03 21:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\dbkos
[2013-08-03 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB Beta
[2013-08-02 21:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\rybki
[2013-08-01 21:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013-08-01 18:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\LolClient
[2013-08-01 14:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\League of Legends
[2013-08-01 13:32:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2013-08-01 13:32:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2013-08-01 13:32:21 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2013-08-01 13:32:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2013-08-01 13:32:14 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2013-08-01 13:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013-08-01 13:31:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013-08-01 13:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Riot Games
[2013-07-31 22:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon OTS
[2013-07-28 20:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\mapa poke
[2013-07-27 09:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\pxgclient
[2013-07-26 23:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\PxGClient
[2013-07-26 23:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\.minecraft
[2013-07-25 15:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\otsmateria
[2013-07-25 11:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\NooBwar_8.6
[2013-07-24 12:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Mystera_4.2
[2013-07-23 20:59:34 | 021,269,058 | ---- | C] (Vultur GmbH) -- C:\Documents and Settings\SZYMAN\Pulpit\DBP 2.35.exe
[2013-07-22 22:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\otclient
[2013-07-22 22:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon OTClient
[2013-07-22 21:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Slash 2.0
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-08-21 06:28:42 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-08-21 06:28:42 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2013-08-21 06:28:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-08-21 00:13:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-08-20 23:48:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-08-20 22:19:00 | 000,000,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-08-20 21:58:38 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Process Hacker 2.lnk
[2013-08-20 21:44:03 | 000,831,488 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
[2013-08-20 21:43:57 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe
[2013-08-20 21:41:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2013-08-20 21:31:27 | 020,791,627 | ---- | M] (DBMW Team) -- C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe
[2013-08-20 21:30:42 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013-08-20 21:30:16 | 019,282,272 | ---- | M] (CipSoft GmbH) -- C:\Documents and Settings\SZYMAN\Pulpit\Bleach Warrior Online.exe
[2013-08-20 21:24:44 | 000,164,134 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\salitykiller.zip
[2013-08-20 20:42:06 | 000,000,174 | ---- | M] () -- C:\Fix.reg
[2013-08-20 14:35:29 | 000,139,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-08-20 14:35:23 | 000,282,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013-08-19 21:04:03 | 000,122,783 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Obraz.png
[2013-08-19 19:06:56 | 000,627,104 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Spy++.rar
[2013-08-19 10:05:43 | 007,723,222 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB.rar
[2013-08-19 09:44:13 | 001,095,054 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\dasd.bmp
[2013-08-18 19:57:18 | 000,182,571 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\logo dbleague.xcf
[2013-08-18 19:57:18 | 000,022,936 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
[2013-08-18 14:43:45 | 000,282,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013-08-18 12:20:21 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\hehe.html
[2013-08-18 12:13:37 | 000,346,511 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\dbmw skin (1).rar
[2013-08-17 22:32:23 | 015,575,222 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Wander of Shinobi.exe
[2013-08-17 13:49:00 | 000,399,360 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\NoxSpr.exe
[2013-08-17 12:49:05 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-08-17 10:51:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-08-16 18:58:17 | 003,422,750 | ---- | M] (Pixelmon.pl Pokemon Serwer) -- C:\Documents and Settings\SZYMAN\Pulpit\Pixelmon.exe
[2013-08-16 16:23:27 | 000,577,536 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Tibia Spambot by IgI.exe
[2013-08-16 15:00:06 | 002,245,479 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Hacked MUSIC.mp3
[2013-08-16 14:57:21 | 000,001,380 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\index.html
[2013-08-16 13:13:18 | 000,345,142 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\ZAPŁACIĆ.bmp
[2013-08-14 11:26:13 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2013-08-13 14:08:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-08-13 14:08:07 | 001,075,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-08-13 14:08:01 | 001,075,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-08-13 13:29:38 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\PokeXGame.lnk
[2013-08-13 13:29:16 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Dead Island.lnk
[2013-08-13 13:28:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Counter Strike Source.lnk
[2013-08-13 10:13:22 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\BattleField Play4Free.lnk
[2013-08-12 20:00:15 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Dane aplikacji\PnkBstrK.sys
[2013-08-12 15:15:49 | 000,055,474 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\cc_20130812_151527.reg
[2013-08-12 14:57:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-08-10 11:42:03 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2013-08-09 22:20:29 | 029,566,306 | ---- | M] (CipSoft GmbH) -- C:\Documents and Settings\SZYMAN\Pulpit\SoFo.exe
[2013-08-09 22:08:36 | 000,011,902 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\WinSCP.ini
[2013-08-09 22:08:36 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Dane aplikacji\winscp.rnd
[2013-08-09 19:09:07 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Switch to Gaming Mode.lnk
[2013-08-09 19:09:07 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster 3.lnk
[2013-08-09 16:32:27 | 000,495,616 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\SZYMAN\Pulpit\putty.exe
[2013-08-09 13:28:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013-08-08 16:08:22 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2013-08-08 16:07:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013-08-08 16:06:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013-08-07 23:34:00 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic.otbm
[2013-08-07 23:34:00 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic-spawn.xml
[2013-08-07 23:34:00 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic-house.xml
[2013-08-07 14:41:07 | 000,006,574 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Bez nazwy.xcf
[2013-08-07 14:02:25 | 000,003,126 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\heh.bmp
[2013-08-06 13:19:43 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\swirus.bbtheme
[2013-08-06 13:17:40 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\worldofdb-actual-20130806.bbtheme
[2013-08-06 12:36:35 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk
[2013-08-05 13:56:41 | 000,147,983 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\vocations.xml
[2013-08-03 14:09:09 | 020,926,082 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg.otbm
[2013-08-03 14:09:09 | 000,006,079 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg-house.xml
[2013-08-03 14:09:09 | 000,000,049 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg-spawn.xml
[2013-08-02 22:35:45 | 000,291,083 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\wodb].png
[2013-08-02 22:30:34 | 000,034,990 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\logo.png
[2013-08-02 12:55:37 | 010,242,002 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB Beta.exe
[2013-08-02 09:12:07 | 104,438,596 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\b3liar mix vol.8.mp3
[2013-08-01 18:01:40 | 000,498,307 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\pokedestiny.rar
[2013-08-01 14:06:32 | 000,001,371 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\League of Legends.lnk
[2013-08-01 10:26:11 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Counter-Strike GROM.lnk
[2013-08-01 10:21:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-07-30 18:15:11 | 001,418,239 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\mapa poke(1).rar
[2013-07-29 13:09:18 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\inventory.lua
[2013-07-29 12:44:28 | 009,211,736 | ---- | M] (Martin Prikryl) -- C:\Documents and Settings\SZYMAN\Pulpit\WinSCP.exe
[2013-07-28 21:30:05 | 003,969,727 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\TibiaDatEditor8.70.rar
[2013-07-28 20:24:56 | 001,201,038 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\mapa poke.rar
[2013-07-27 09:31:45 | 080,412,598 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\things.spr
[2013-07-27 09:31:43 | 000,457,304 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\things.dat
[2013-07-27 08:58:45 | 001,104,102 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\MAPA SMOKI.bmp
[2013-07-26 23:18:23 | 000,675,988 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Minecraft.exe
[2013-07-26 14:56:33 | 000,137,135 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\for sedron.gif
[2013-07-25 22:10:44 | 000,369,094 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\MAPA.bmp
[2013-07-24 12:19:01 | 004,933,873 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Mystera_4.2.rar
[2013-07-23 21:09:02 | 021,269,058 | ---- | M] (Vultur GmbH) -- C:\Documents and Settings\SZYMAN\Pulpit\DBP 2.35.exe
[2013-07-22 21:56:30 | 034,517,228 | ---- | M] () -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Slash 2.0.rar
[2013-07-22 11:51:07 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-08-20 21:58:38 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Process Hacker 2.lnk
[2013-08-20 21:24:43 | 000,164,134 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\salitykiller.zip
[2013-08-20 20:45:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013-08-20 20:45:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013-08-20 20:45:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013-08-20 20:45:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013-08-20 20:45:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013-08-20 20:42:06 | 000,000,174 | ---- | C] () -- C:\Fix.reg
[2013-08-19 23:13:06 | 000,122,783 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Obraz.png
[2013-08-19 19:06:53 | 000,627,104 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Spy++.rar
[2013-08-19 09:44:13 | 001,095,054 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\dasd.bmp
[2013-08-18 19:57:18 | 000,182,571 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\logo dbleague.xcf
[2013-08-18 19:57:18 | 000,022,936 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
[2013-08-18 12:13:36 | 000,346,511 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\dbmw skin (1).rar
[2013-08-18 11:45:03 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Menu Start\Programy\DC Universe Online PSG.lnk
[2013-08-17 22:31:26 | 015,575,222 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Wander of Shinobi.exe
[2013-08-17 13:48:45 | 000,399,360 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\NoxSpr.exe
[2013-08-16 16:23:21 | 000,577,536 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Tibia Spambot by IgI.exe
[2013-08-16 13:13:17 | 000,345,142 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\ZAPŁACIĆ.bmp
[2013-08-14 11:26:13 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2013-08-13 13:29:38 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\PokeXGame.lnk
[2013-08-13 13:29:16 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Dead Island.lnk
[2013-08-13 10:13:22 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\BattleField Play4Free.lnk
[2013-08-12 20:13:27 | 000,282,104 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013-08-12 20:00:16 | 000,139,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013-08-12 20:00:15 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Dane aplikacji\PnkBstrK.sys
[2013-08-12 20:00:01 | 000,282,104 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013-08-12 20:00:01 | 000,282,104 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013-08-12 19:59:58 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013-08-12 15:15:31 | 000,055,474 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\cc_20130812_151527.reg
[2013-08-12 14:57:39 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2013-08-10 15:51:30 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\League of Legends.lnk
[2013-08-09 21:24:43 | 000,011,902 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\WinSCP.ini
[2013-08-09 19:09:21 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2013-08-09 19:09:07 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Switch to Gaming Mode.lnk
[2013-08-09 19:09:07 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster 3.lnk
[2013-08-09 17:30:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Dane aplikacji\winscp.rnd
[2013-08-09 16:32:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2013-08-08 20:43:39 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Counter Strike Source.lnk
[2013-08-08 16:08:22 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2013-08-08 16:06:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013-08-07 23:34:00 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic.otbm
[2013-08-07 23:34:00 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic-spawn.xml
[2013-08-07 23:34:00 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\zrobic-house.xml
[2013-08-07 14:41:07 | 000,006,574 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Bez nazwy.xcf
[2013-08-07 14:02:25 | 000,003,126 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\heh.bmp
[2013-08-06 13:18:28 | 000,002,281 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\swirus.bbtheme
[2013-08-06 13:16:25 | 000,002,281 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\worldofdb-actual-20130806.bbtheme
[2013-08-06 12:36:35 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk
[2013-08-05 13:57:59 | 000,147,983 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\vocations.xml
[2013-08-03 14:09:09 | 000,006,079 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg-house.xml
[2013-08-03 14:09:09 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg-spawn.xml
[2013-08-03 13:12:14 | 020,926,082 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\evorpg.otbm
[2013-08-03 11:16:26 | 007,723,222 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB.rar
[2013-08-02 22:35:44 | 000,291,083 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\wodb].png
[2013-08-02 22:30:34 | 000,034,990 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\logo.png
[2013-08-02 12:55:09 | 010,242,002 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\WoDB Beta.exe
[2013-08-02 09:08:31 | 104,438,596 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\b3liar mix vol.8.mp3
[2013-08-01 18:01:40 | 000,498,307 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\pokedestiny.rar
[2013-08-01 10:26:11 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Counter-Strike GROM.lnk
[2013-07-30 18:14:27 | 001,418,239 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\mapa poke(1).rar
[2013-07-29 13:09:04 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\inventory.lua
[2013-07-28 21:28:37 | 003,969,727 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\TibiaDatEditor8.70.rar
[2013-07-28 20:24:15 | 001,201,038 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Moje dokumenty\mapa poke.rar
[2013-07-27 09:33:21 | 000,457,304 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\things.dat
[2013-07-27 09:33:20 | 080,412,598 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\things.spr
[2013-07-26 14:56:10 | 000,137,135 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\for sedron.gif
[2013-07-25 19:09:21 | 001,104,102 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\MAPA SMOKI.bmp
[2013-07-25 17:31:43 | 000,369,094 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\MAPA.bmp
[2013-07-24 12:15:41 | 004,933,873 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Mystera_4.2.rar
[2013-07-22 22:51:38 | 001,271,460 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\MoleBox Pro 2.6.4.2534.exe
[2013-07-22 21:43:35 | 034,517,228 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Slash 2.0.rar
[2013-07-22 12:24:36 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Pulpit\hehe.html
[2013-07-10 17:55:11 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\SZYMAN\.jscreenfix.licence
[2013-07-01 18:26:20 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\SZYMAN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-06-27 08:09:17 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013-06-27 08:09:16 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013-06-25 13:15:18 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\SZYMAN\.gtk-bookmarks
[2013-06-11 17:42:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2013-06-11 17:42:47 | 000,831,488 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2013-06-11 17:42:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2013-06-11 17:42:45 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2013-06-11 17:42:45 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2013-06-11 17:42:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2013-06-11 17:42:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2013-06-09 09:17:32 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2013-05-20 16:54:47 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013-05-20 16:53:51 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-20 15:52:25 | 001,075,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013-05-20 15:52:25 | 001,075,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013-05-20 15:52:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013-05-20 15:52:14 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013-05-20 15:09:19 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2013-05-20 15:09:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013-05-20 15:08:00 | 000,024,399 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2013-05-20 15:07:58 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2013-05-20 15:07:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2013-05-20 15:04:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-05-20 15:00:23 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2013-05-23 19:06:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 22:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008-04-14 22:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 22:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013-05-20 15:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2013-08-20 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe
[2013-06-20 19:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-08-09 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2013-05-25 20:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Logs
[2013-08-01 18:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2013-08-01 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\.minecraft
[2013-08-16 23:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\.minecraft_pixelmon.pl
[2013-06-23 18:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\.technic
[2013-06-01 10:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\BlWrO
[2013-06-15 13:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\DBV
[2013-06-09 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\DBzF1
[2013-05-30 14:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\DealPly
[2013-05-22 20:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Dev-Cpp
[2013-05-21 17:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\eDownload
[2013-05-30 14:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\eIntaller
[2013-06-23 14:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\GG
[2013-08-01 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\LolClient
[2013-06-20 13:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\LoS
[2013-08-03 15:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Nowe Gadu-Gadu
[2013-08-19 12:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Pokeing
[2013-08-16 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Pokes
[2013-08-20 22:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Process Hacker 2
[2013-06-18 17:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\pverb
[2013-08-12 13:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Remere's Map Editor
[2013-08-01 14:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Riot Games
[2013-06-08 19:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Search Protection
[2013-08-18 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Sony Online Entertainment
[2013-08-20 17:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\sqlitestudio
[2013-05-24 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\TeamViewer
[2013-08-20 18:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\Tibia
[2013-08-18 18:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\TS3Client
[2013-08-12 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SZYMAN\Dane aplikacji\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

 

extras.txt

OTL Extras logfile created on: 2013-08-21 06:38:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\SZYMAN\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 73,92% Memory free
4,85 Gb Paging File | 4,21 Gb Available in Paging File | 86,91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 58,62 Gb Free Space | 75,03% Space Free | Partition Type: NTFS
Drive D: | 75,25 Gb Total Space | 52,89 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: SZYMAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56676:TCP" = 56676:TCP:*:Enabled:Pando Media Booster
"56676:UDP" = 56676:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56676:TCP" = 56676:TCP:*:Enabled:Pando Media Booster
"56676:UDP" = 56676:UDP:*:Enabled:Pando Media Booster
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\SZYMAN\Pulpit\TFS NOB\TheForgottenServer.exe" = C:\Documents and Settings\SZYMAN\Pulpit\TFS NOB\TheForgottenServer.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\SZYMAN\Pulpit\Tibia Counter STrike\[CSTibia] 1.0 by Roksas - CLIENTE + SERVIDOR\TheForgottenServerV8.2 32bit.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Tibia Counter STrike\[CSTibia] 1.0 by Roksas - CLIENTE + SERVIDOR\TheForgottenServerV8.2 32bit.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"C:\Documents and Settings\SZYMAN\Pulpit\Tibia Counter STrike\[CSTibia] 1.0 by Roksas - CLIENTE + SERVIDOR\TheForgottenServerV8.2 64bit.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Tibia Counter STrike\[CSTibia] 1.0 by Roksas - CLIENTE + SERVIDOR\TheForgottenServerV8.2 64bit.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"D:\programs\utorrent\uTorrent.exe" = D:\programs\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\SZYMAN\Pulpit\PokeDestiny\PokeDestiny_by_Swirus.exe" = C:\Documents and Settings\SZYMAN\Pulpit\PokeDestiny\PokeDestiny_by_Swirus.exe:*:Enabled:Pokemon Destiny -- (Poke-Destiny)
"D:\programs\xampplite\apache\bin\httpd.exe" = D:\programs\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\programs\xampplite\mysql\bin\mysqld.exe" = D:\programs\xampplite\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"D:\programs\Nowe Gadu-Gadu\gg.exe" = D:\programs\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
"C:\Documents and Settings\SZYMAN\Pulpit\EvoRPG by Zbizu\TheOTXServer.exe" = C:\Documents and Settings\SZYMAN\Pulpit\EvoRPG by Zbizu\TheOTXServer.exe:*:Enabled:TheOTXServer -- ()
"C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe" = C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe:*:Enabled:WsysSvc -- (Wsys Co., Ltd.)
"C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Slash 2.0\Pokemon Slash 2.0\PokeDestiny_by_Swirus.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Pokemon Slash 2.0\Pokemon Slash 2.0\PokeDestiny_by_Swirus.exe:*:Enabled:Pokemon Destiny -- (Poke-Destiny)
"D:\games\Counter Strike Online 1.6\cstrike.exe" = D:\games\Counter Strike Online 1.6\cstrike.exe:*:Enabled:MetaHook Launcher -- ()
"C:\Documents and Settings\SZYMAN\Pulpit\WoDB\TheForgottenServer.exe" = C:\Documents and Settings\SZYMAN\Pulpit\WoDB\TheForgottenServer.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"C:\Documents and Settings\SZYMAN\Pulpit\DBLW 8.54\TheForgottenServer.exe" = C:\Documents and Settings\SZYMAN\Pulpit\DBLW 8.54\TheForgottenServer.exe:*:Enabled:The Forgotten Server -- (OtLand.net)
"D:\games\Counter Strike Online 1.6\hl.exe" = D:\games\Counter Strike Online 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\games\counter strike 1.6 new\hl.exe" = D:\games\counter strike 1.6 new\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\games\SteamLibrary\SteamApps\common\Dead Island\DeadIslandGame.exe" = D:\games\SteamLibrary\SteamApps\common\Dead Island\DeadIslandGame.exe:*:Enabled:DeadIsland -- (Techland)
"D:\games\Counter-Strike Source\hl2.exe" = D:\games\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\games\bf play4free\BFP4f.exe" = D:\games\bf play4free\BFP4f.exe:*:Enabled:BFP4f Application -- (Easy)
"C:\Documents and Settings\SZYMAN\Pulpit\Poke by Bolz v3\PDA Edited by Dandanvrb\Silnik\PO Dash World [Advanced] - GUI.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Poke by Bolz v3\PDA Edited by Dandanvrb\Silnik\PO Dash World [Advanced] - GUI.exe:*:Enabled:Pokemon Dash Advanced -- (P.O.D Advanced)
"C:\Documents and Settings\SZYMAN\Pulpit\Poke by Bolz v3\PDA Edited by Bolz v3\Silnik\PO Dash World [Advanced] - GUI.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Poke by Bolz v3\PDA Edited by Bolz v3\Silnik\PO Dash World [Advanced] - GUI.exe:*:Enabled:Pokemon Dash Advanced -- (P.O.D Advanced)
"C:\Program Files\Java\jre7\launch4j-tmp\Pixelmon.exe" = C:\Program Files\Java\jre7\launch4j-tmp\Pixelmon.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"D:\games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.177\deploy\LoLLauncher.exe" = D:\games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.177\deploy\LoLLauncher.exe:*:Enabled:ipsec -- ()
"C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe:*:Enabled:ipsec -- (DBMW Team)
"C:\WINDOWS\RTHDCPL.EXE" = C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
"C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe" = C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe:*:Enabled:ipsec -- ()
"C:\fasfasf\CF29088.3XE" = C:\fasfasf\CF29088.3XE:*:Enabled:ipsec
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0C0FE292-E7D0-4938-AA41-E6E5F72D21BC}" = Remere's Map Editor
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1" = Window Title Changer version 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Big Pack 8.4" = Big Pack 8.4
"CCleaner" = CCleaner
"Counter Strike Online 1.6 ver.1.0" = Counter Strike Online 1.6 ver.1.0
"Counter-Strike 1.6" = Counter-Strike 1.6
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"ElfBot NG_is1" = ElfBot NG 4.1.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESF" = Earth's Special Forces
"Game Booster_is1" = Game Booster 3
"GIMP-2_is1" = GIMP 2.8.4
"Google Chrome" = Google Chrome
"League of Legends 3.0.1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Process_Hacker2_is1" = Process Hacker 2.31 (r5355)
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"screenSHU" = screenSHU - the fastest screen capture ever.
"Steam App 91310" = Dead Island
"The KMPlayer" = The KMPlayer (remove only)
"Tibia Auto" = NSIS Example2
"TMIPC" = Tibia MULTI-ip changer
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (SZYMAN)
"BearShare" = BearShare
"Cs 1.6 Background Maker v3.0" = Cs 1.6 Background Maker v3.0
"Search Protection" = Search Protection
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013-07-23 03:22:02 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd hlds.exe, wersja 4.1.1.1, moduł powodujący
 błąd hlds.exe, wersja 4.1.1.1, adres błędu 0x000061f0.
 
Error - 2013-07-24 13:29:19 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd hl.exe, wersja 1.1.1.1, moduł powodujący
 błąd unknown, wersja 0.0.0.0, adres błędu 0x040ffa1c.
 
Error - 2013-07-24 17:07:35 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd hl.exe, wersja 1.1.1.1, moduł powodujący
 błąd , wersja 0.0.0.0, adres błędu 0x00000000.
 
Error - 2013-07-25 11:26:09 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd rme.exe, wersja 0.0.0.0, moduł powodujący
 błąd rme.exe, wersja 0.0.0.0, adres błędu 0x0026b2d7.
 
Error - 2013-07-25 11:30:17 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd rme.exe, wersja 0.0.0.0, moduł powodujący
 błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x000109f9.
 
Error - 2013-07-29 06:29:37 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0,
 moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x1381ad13.
 
Error - 2013-07-29 10:52:15 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0,
 moduł powodujący błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0, adres błędu 0x0053cb1a.
 
Error - 2013-07-29 12:22:33 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0,
 moduł powodujący błąd msvcrt.dll, wersja 7.0.2600.5512, adres błędu 0x00025b61.
 
Error - 2013-07-29 12:27:42 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0,
 moduł powodujący błąd msvcrt.dll, wersja 7.0.2600.5512, adres błędu 0x00025b61.
 
Error - 2013-07-29 12:28:29 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0,
 moduł powodujący błąd pokedestiny_by_swirus.exe, wersja 1.2.0.0, adres błędu 0x0053d42a.
 
[ System Events ]
Error - 2013-08-20 15:20:01 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:20:01 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:20:01 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:20:01 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:20:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:23:21 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:23:21 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:23:22 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:23:22 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
Error - 2013-08-20 15:23:22 | Computer Name = HOME | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący
 błąd:   %%5.
 
 
< End of report >

 

I noticed that the PC started up much faster today (that's probably after that scan with SalityKiller)


  • 0

#4 Natsuki Kuga (Moderator)

Posted 22 August 2013 - 08:59

OTL.txt got cut off somewhere. Attach it.


  • 1


#5 Swirusek (Topic author)

Posted 22 August 2013 - 09:47

Well, I did post it... but fine, both are in the attachment just in case.

Attached files

  • OTL.Txt   128,25 KB
  • Extras.Txt   47,54 KB

  • 0

#6 Natsuki Kuga (Moderator)

Posted 22 August 2013 - 13:29

Other actions were carried out on the system besides SalityKiller. Something was removed through OTL, ComboFix was run, and a registry fix was loaded.

What exactly did you remove with OTL? What does the fix.reg file contain? If you still have the log from that ComboFix run, post it.

The infection is fully entrenched, but we will try to remove it as quickly as possible. For now we will disinfect from within the running system; if that fails, we will switch to live CD tools.

1. In OTL, paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/Skrypt):


:Processes
killallprocesses

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089
IE - HKU\S-1-5-21-2025429265-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089
FF - prefs.js..browser.search.order.1: "delta-homes"
FF - prefs.js..browser.startup.homepage: "http://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=HitachiXHDS721616PLA380_PVC300Z2TSNAKJTSNAKJX&ts=1369916089"
[2013-07-10 15:45:10 | 000,000,787 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml
[2013-05-30 14:14:51 | 000,000,733 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O4 - HKU\S-1-5-21-2025429265-651377827-839522115-1003..\Run: [SearchProtection] C:\Documents and Settings\SZYMAN\Dane aplikacji\Search Protection\SearchProtection.EXE (Spigot, Inc.)

:Files
C:\WINDOWS\system32\drivers\ojlgmn.sys
C:\Documents and Settings\SZYMAN\Dane aplikacji\Search Protection
C:\Program Files\Common Files\logonInit.dll
C:\Program Files\Common Files\userInit.dll
C:\Documents and Settings\SZYMAN\Dane aplikacji\DealPly
C:\fasfasf\CF29088.3XE

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\RTHDCPL.EXE"=-
"C:\fasfasf\CF29088.3XE"=-
"C:\WINDOWS\explorer.exe"=-

:Services
amsint32

:Commands
[emptytemp]
[Reboot]

Click Run Fix (Wykonaj skrypt) and post the report.

2. Run at least two full scans with SalityKiller. Disinfect every file that can be disinfected; delete the ones that cannot.

3. Post a new set of logs.

 


  • 1
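
The `:Reg` section of the script in post #6 deletes firewall exceptions that the Extras log lists under the rule label `ipsec`, a label that several unrelated programs share there. The added example below (Python, not part of the thread and not an OTL feature) parses that log section and flags such entries for review; the two heuristics and the function names are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the StandardProfile "Authorized Applications List" in the
# Extras.txt log posted in this thread (a subset, not the whole list).
SAMPLE = r'''
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\games\Counter Strike Online 1.6\hl.exe" = D:\games\Counter Strike Online 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\games\counter strike 1.6 new\hl.exe" = D:\games\counter strike 1.6 new\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\programs\Nowe Gadu-Gadu\gg.exe" = D:\programs\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
"C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe" = C:\Documents and Settings\SZYMAN\Pulpit\Dragon Ball Mysterious World v1.0.exe:*:Enabled:ipsec -- (DBMW Team)
"C:\WINDOWS\RTHDCPL.EXE" = C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
"C:\fasfasf\CF29088.3XE" = C:\fasfasf\CF29088.3XE:*:Enabled:ipsec
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
'''

# Line shape: "<key>" = <path>:<scope>:<state>:<label>[ -- (<company>)]
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<value>.*?)(?: -- \((?P<company>.*)\))?$'
)


def parse_entries(text):
    """Turn OTL 'Authorized Applications List' lines into dicts."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # blank line, registry key header, or another section
        # The path contains ':' after the drive letter, so split from the right.
        parts = match.group("value").rsplit(":", 3)
        if len(parts) != 4:
            continue  # value does not have the path:scope:state:label shape
        path, scope, state, label = parts
        entries.append({
            "path": path,
            "scope": scope,
            "enabled": state.lower() == "enabled",
            "label": label,
            "company": (match.group("company") or "").strip(),
        })
    return entries


def review_flags(entries, min_vendors=2):
    """Return {path: [reasons]} for enabled exceptions worth a manual look.

    Heuristics assumed for this example (not OTL's or the moderator's rules):
      * one rule label reused by binaries from several different vendors
      * a target file whose extension is not .exe
    A flag is a prompt to review the entry, not a verdict on the file.
    """
    by_label = defaultdict(list)
    for entry in entries:
        if entry["enabled"]:
            by_label[entry["label"].lower()].append(entry)

    flags = {}
    for label, group in by_label.items():
        vendors = {e["company"] for e in group if e["company"]}
        for entry in group:
            reasons = []
            if len(vendors) >= min_vendors:
                reasons.append(
                    "label %r reused across %d vendors" % (label, len(vendors))
                )
            extension = ntpath.splitext(entry["path"])[1].lower()
            if extension != ".exe":
                reasons.append("unusual extension %r" % extension)
            if reasons:
                flags[entry["path"]] = reasons
    return flags


if __name__ == "__main__":
    for path, reasons in review_flags(parse_entries(SAMPLE)).items():
        print(path, "->", "; ".join(reasons))
```

Legitimate duplicates such as the two `hl.exe` installs pass because their shared label comes from a single vendor.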


#7 Swirusek (Topic author)

Posted 22 August 2013 - 19:22

After the system started I accidentally closed the window with the log - where can I find those logs?

No, I didn't remove anything with OTL, I mean I took some script, I think this one http://www.forumpc.p...nia-prace-logi/ [link from my history], I don't remember - can I find a log of the scripts I used somewhere?

I also wanted to add that I installed AVG Free 2013, upgraded it to the 30-day trial version and scanned the whole PC; it detected 104 potentially dangerous threads and 79 potentially dangerous rootkits and removed the ones that were not system files, but some of them remained ;/ this is one of them - can I find a text log of the AVG scans somewhere?

qkr.png

And I don't remember exactly, but after posting here I scanned with SalityKiller I think 2 times, and now once, since it didn't detect anything.

The ComboFix log is in the attachment.

"3. Post a new set of logs." If that means OTL, here you go, it's in the attachment.

I'm not doing anything on my own any more [scripts from the net/antiviruses] because afterwards I don't know what I did :( sorry for the chaos

Attached files

  • ComboFix.txt   17,72 KB
  • OTL.Txt   126,7 KB

  • 0

#8 Natsuki Kuga (Moderator)

Posted 24 August 2013 - 18:35

"can I find a log of the scripts I used somewhere?"

Look for the .txt files in the C:\_OTL folder.

As for AVG - never install a second antivirus when one is already on the system. What it detected just now is a component of Avast. Installing them side by side leads to the antiviruses "fighting" each other - one detects the other's components as viruses, and more serious consequences can also occur, such as some system functions being blocked. Decide on one security program and remove the other.

Run this script in OTL:


:Files
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\SZYMAN\Dane aplikacji\eDownload
C:\Documents and Settings\SZYMAN\Dane aplikacji\eIntaller

Post the report.

It looks like things will be fine now, so ComboFix can be uninstalled.

Press Windows logo key + R and paste:

"c:\documents and settings\SZYMAN\Moje dokumenty\Pobieranie\fasfasf.exe" /uninstall

Confirm with Enter.

Does the problem still occur? If not, I will give you the final steps.




#9 OFFLINE   Swirusek

Swirusek
  • Topic author
  • User
  • 9 posts
0
Neutral

Posted 24 August 2013 - 19:08

Spoiler

I removed Avast and only then installed AVG (because most of the people I talked to recommended it to me).

Log after the script you asked for just now:

Spoiler

Remove ComboFix? OK, done, but it couldn't be done with that Ctrl+R, so I removed it manually. The bug looked like this:

96nr.png

I no longer see the problem, the computer starts up much faster :) But I would still ask for some script or a review of the logs, because when I watch videos, not only on YT, they stutter; it wasn't like that before. Thanks for everything :D



#10 OFFLINE   Natsuki Kuga

Natsuki Kuga
  • Moderator
  • 1779 posts
290
Excellent

Posted 25 August 2013 - 13:52

Show one more new OTL log (without Extras). If ComboFix did not remove itself completely, it will have to be removed manually.

"But I would still ask for some script or a review of the logs, because when I watch videos, not only on YT, they stutter; it wasn't like that before."

In that case I will look through the new log you post now and we will see what else can be done.




#11 OFFLINE   Swirusek

Swirusek
  • Topic author
  • User
  • 9 posts
0
Neutral

Posted 28 August 2013 - 09:54

Actually, I've already dealt with it ;d I mean, the next day it was working normally. Thanks a lot :D And those final steps, are there still any? ;s

Spoiler

Today AVG detected the virus Win32/Sality.dropper on my D drive. Can the logs be checked for this virus?

Spoiler

Extras

Spoiler

Post edited by Swirusek on 28 August 2013 - 09:57

#12 OFFLINE   Natsuki Kuga

Natsuki Kuga
  • Moderator
  • 1779 posts
290
Excellent

Posted 29 August 2013 - 18:16

Uninstall Search Protection through the Add/Remove Programs applet.

"Today AVG detected the virus Win32/Sality.dropper on my D drive"

In which file did it detect it? Did you connect any removable storage to the computer?




#13 OFFLINE   Swirusek

Swirusek
  • Topic author
  • User
  • 9 posts
0
Neutral

Posted 30 August 2013 - 10:09

I didn't connect any.

d:/qmaok.exe

And to pre-empt the question: I don't know what this file is or what it was doing there. I didn't run it; AVG detected it by itself. I turned on showing hidden folders and files and it showed it to me.

Search Protection removed.

#14 OFFLINE   Natsuki Kuga

Natsuki Kuga
  • Moderator
  • 1779 posts
290
Excellent

Posted 31 August 2013 - 23:22

This looks to me like the file that initiates the whole infection; I have something similar in my sample collection. (If you want, you can send it to me by PM before deleting it, and I will examine it.) If it just sits on the disk, it does nothing; all the fun starts once it is run.

Run this script in OTL:

:Files
D:\qmaok.exe

Show the report.

Then paste this into OTL:

C:\*.*
D:\*.*

Scan and show the log.




#15 OFFLINE   Swirusek

Swirusek
  • Topic author
  • User
  • 9 posts
0
Neutral

Posted 01 September 2013 - 15:04

Spoiler

and

Spoiler



