Kafar0z0 created 20 June 2010
Hello. I recently bought a new computer. Since then, the sound turns off by itself while the computer is running; it happens while gaming, watching films, listening to music, or even when the computer is on but I'm not doing anything on it. To get the sound back I have to turn the computer off and on again. I have the latest sound driver and it still happens. Thanks in advance for your help. I was sent here with OTL logs on suspicion of a svchost.exe infection.
[log]OTL Extras logfile created on: 2010-06-20 15:21:05 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,95 Gb Total Space | 244,25 Gb Free Space | 53,22% Space Free | Partition Type: NTFS Drive D: | 459,46 Gb Total Space | 424,69 Gb Free Space | 92,43% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AD-KOMPUTER Current User Name: AD Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color="#e56717"]========== Authorized Applications List ==========[/color] [color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "NVIDIA Drivers" = NVIDIA Drivers "SpeedTouch 330" = SpeedTouch 330 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{00170415-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0638268c-b727-4f78-a92b-a4f68176e670}" = Nero 9 Essentials "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = ALLConverter to iPhone "{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! 
Power of Chaos YUGI THE DESTINY "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A "{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = SpellForce - Zakon Świtu "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = 
Call of Duty® 4 - Modern Warfare™ 1.6 Patch "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR "{92C0EEE0-EA16-4B95-84B6-A060B589081B}" = Disciples II - Bunt Elfów "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update 
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™ "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ALLConverter to 3GP_is1" = ALLConverter to 3GP "ALLConverter to PSP_is1" = ALLConverter to PSP "ALLPlayer_is1" = ALLPlayer V4.X "avast5" = avast! 
Free Antivirus "BFGC" = Big Fish Games: Game Manager "BFG-Explorer - Contraband Mystery" = Explorer: Contraband Mystery "BFG-Flux Family Secrets - The Rabbit Hole Collectors Edition" = Flux Family Secrets: The Rabbit Hole Collector's Edition "BitTorrent" = BitTorrent "Company of Heroes" = Company of Heroes "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Flower Paradise" = Flower Paradise (remove only) "Gadu-Gadu 10" = Gadu-Gadu 10 "Herod's Lost Tomb_is1" = Herod's Lost Tomb "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™ "ipla" = ipla 2.1.2 "iWinArcade" = iWin Games (remove only) "Lost Lagoon: The Trail of Destiny" = Lost Lagoon: The Trail of Destiny (remove only) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Neverwinter Nights - Kingmaker" = BioWare Premium Module: Neverwinter Nights - Kingmaker "Neverwinter Nights - ShadowGuard" = BioWare Premium Module: Neverwinter Nights - ShadowGuard "Neverwinter Nights - Witch's Wake" = BioWare Premium Module: Neverwinter Nights - Witch's Wake "PowerISO" = PowerISO "Rainbow Web 2_is1" = Rainbow Web 2 "RealPlayer 12.0" = RealPlayer "Season Match 2_is1" = Season Match 2 "Season Match_is1" = Season Match "SpeedFan" = SpeedFan (remove only) "Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator "SubEdit-Player_is1" = SubEdit-Player "Web Games Player Plugin" = Web Games Player Plugin "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO 
Toolbar "ZOODomino_is1" = ZOODomino [color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-06-11 14:39:30 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-12 00:31:36 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227 Description = Error - 2010-06-12 00:32:07 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227 Description = Error - 2010-06-12 09:36:54 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 04:31:11 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 05:54:43 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 14:12:42 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0x1158 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b204549107b Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 41db1e33-7717-11df-9fac-00016c70cb92 Error - 2010-06-13 14:20:48 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, 
sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0xe94 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b25168b1357 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 636c9251-7718-11df-9fac-00016c70cb92 Error - 2010-06-13 14:35:08 | Computer Name = AD-Komputer | Source = Application Hang | ID = 1002 Description = Program BF1942.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: f20 Godzina rozpoczęcia: 01cb0b2666e58855 Godzina zakończenia: 92 Ścieżka aplikacji: d:\battlefield 1942\BF1942.exe Identyfikator raportu: Error - 2010-06-13 14:35:45 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0xf30 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b272fd760f0 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 7a416e0a-771a-11df-9fac-00016c70cb92 [ System Events ] Error - 2010-04-22 07:39:22 | Computer Name = AD-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 13:37:33 na ?2010-?04-?22 było nieoczekiwane. Error - 2010-04-22 07:39:16 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. 
Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-22 07:39:28 | Computer Name = AD-Komputer | Source = BugCheck | ID = 1001 Description = Error - 2010-04-22 07:39:33 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 08:54:39 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-22 08:54:54 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 11:25:14 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-22 11:25:27 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 12:29:11 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error - 2010-04-22 12:29:25 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 < End of report >[/log]
[color="#ff0000"]//moving to the Logi do sprawdzenia subforum //raaz[/color]
Kafar0z0 commented 20 June 2010 Author
[log]OTL logfile created on: 2010-06-20 15:21:05 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,95 Gb Total Space | 244,25 Gb Free Space | 53,22% Space Free | Partition Type: NTFS Drive D: | 459,46 Gb Total Space | 424,69 Gb Free Space | 92,43% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AD-KOMPUTER Current User Name: AD Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#e56717"]========== Processes (SafeList) ==========[/color] PRC - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe PRC - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010-06-19 11:03:53 | 000,184,928 | ---- | M] (NHN Corporation) -- C:\Program Files (x86)\ijji\ijji REACTOR\REACTOR.exe PRC - [2010-05-28 02:08:46 | 003,493,264 | ---- | M] (Xfire Inc.)
-- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe PRC - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe PRC - [2010-04-02 11:40:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010-03-22 07:36:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe PRC - [2010-03-05 17:14:38 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe PRC - [2010-02-02 23:45:50 | 014,252,952 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files (x86)\ipla\ipla.exe PRC - [2009-11-25 15:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009-10-13 00:44:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009-09-29 12:31:58 | 000,128,296 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009-09-29 11:51:14 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009-09-10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009-08-18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009-08-12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009-08-04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009-06-05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [color="#e56717"]========== Modules (SafeList) ==========[/color] MOD - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe MOD - [2010-05-28 02:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) 
-- C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll MOD - [2009-09-29 12:32:24 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll MOD - [2009-07-14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-07-14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-06-09 19:21:43 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) 
SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:[b]64bit:[/b] - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-05-03 23:12:00 | 003,584,240 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009-09-10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009-08-25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®

[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010-05-06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2010-05-06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2010-05-06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2010-05-06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2010-03-13 10:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-03-03 14:08:17 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:[b]64bit:[/b] - [2009-11-09 05:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2009-11-04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:[b]64bit:[/b] - [2009-09-23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:[b]64bit:[/b] - [2009-08-24 15:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:[b]64bit:[/b] - [2009-07-18 07:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:[b]64bit:[/b] - [2009-07-13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009-06-26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-06-20 00:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-06-05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -- (mwlPSDVDisk)
DRV - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV - [2009-04-06 09:08:04 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2007-02-07 20:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2003-10-10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003-10-10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)

[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]

[color="#e56717"]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url]
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010-03-07 00:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-06-19 11:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-06-19 11:03:16 | 000,000,000 | ---D | M]
[2010-03-05 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Extensions
[2010-06-20 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions
[2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-03-05 18:44:19 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010-04-08 08:12:34 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.com
[2010-03-11 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com
[2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml
[2010-04-21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-06-07 14:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009-07-02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:[b]64bit:[/b] - HKLM..\Run: [diagnostics] C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\oem\setEvent.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error.
File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-06-20 12:50:02 | 000,362,656 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe [2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll [2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll [2010-06-20 12:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN [2010-06-20 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Local\PMB Files [2010-06-20 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010-06-20 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2010-06-20 07:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2010-06-19 21:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010-06-19 12:33:45 | 003,584,240 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\Windows\SysWow64\GameMon.des [2010-06-19 12:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2010-06-19 11:03:17 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\SysWow64\uc_wepic_launching.dll [2010-06-19 11:03:17 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll [2010-06-19 11:03:17 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll [2010-06-19 11:03:17 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll [2010-06-19 11:03:17 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll [2010-06-19 11:03:16 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe [2010-06-19 11:03:16 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll [2010-06-19 11:03:16 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_holybeast_launching.dll [2010-06-19 11:03:16 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe [2010-06-19 11:03:16 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll [2010-06-19 11:03:16 | 000,057,952 | ---- | C] (NHN USA Corp.) 
-- C:\Windows\SysWow64\ijjiPlugin2.dll [2010-06-19 11:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji [2010-06-15 12:23:41 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\Skunk Studios [2010-06-15 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Explorer - Contraband Mystery [2010-06-15 12:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux Family Secrets - The Rabbit Hole Collectors Edition [2010-06-13 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2010-06-12 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\PlayFirst [2010-06-11 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar [2010-06-11 08:01:25 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010-06-11 08:01:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010-06-11 08:01:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010-06-11 08:01:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010-06-11 08:01:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010-06-11 08:01:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010-06-11 08:01:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010-06-11 08:01:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010-06-10 10:05:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll [2010-06-10 10:05:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll [2010-06-10 09:59:31 | 000,366,080 | ---- 
| C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010-06-10 09:59:31 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010-06-10 09:59:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010-06-10 09:59:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010-06-09 23:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FireGlow [2010-06-09 19:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010-06-09 19:21:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010-06-07 19:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\The Game Equation [2010-06-07 14:08:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010-06-07 14:08:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [color="#e56717"]========== Files - Modified Within 30 Days ==========[/color] [2010-06-20 15:21:33 | 002,621,440 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT [2010-06-20 14:39:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-06-20 12:42:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-06-20 12:42:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-06-20 12:40:32 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-06-20 12:40:32 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-06-20 12:40:32 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-06-20 12:40:32 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-06-20 12:40:32 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-06-20 12:36:16 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempzB3796.html [2010-06-20 12:36:16 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempyN3796.html [2010-06-20 12:35:55 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-06-20 12:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-06-20 12:35:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-06-20 12:35:39 | 3163,877,376 | -HS- | M] () -- C:\hiberfil.sys [2010-06-20 12:34:30 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempXe4020.html [2010-06-20 12:34:30 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempZh4020.html [2010-06-20 12:34:27 | 004,354,700 | -H-- | M] () -- C:\Users\AD\AppData\Local\IconCache.db [2010-06-20 08:51:14 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempfy3752.html [2010-06-20 08:51:14 | 000,002,089 | ---- | M] () -- 
C:\Users\AD\AppData\Local\TempyS3752.html [2010-06-20 07:50:43 | 000,001,015 | ---- | M] () -- C:\Users\AD\Desktop\SpeedFan.lnk [2010-06-20 07:50:42 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2010-06-19 23:32:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk [2010-06-19 22:53:49 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Temply3468.html [2010-06-19 22:53:49 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempox3468.html [2010-06-19 17:14:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempsB3364.html [2010-06-19 17:14:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBX3364.html [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010-06-19 12:32:11 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk [2010-06-19 11:21:20 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempvv4464.html [2010-06-19 11:21:20 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNT4464.html [2010-06-19 11:03:18 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2010-06-19 11:03:18 | 000,000,182 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url [2010-06-19 08:12:05 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempEk3500.html [2010-06-19 08:12:05 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempjn3500.html [2010-06-18 22:17:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYY3448.html [2010-06-18 22:17:24 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempCr3448.html [2010-06-18 20:08:48 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQf3736.html [2010-06-18 20:08:48 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemppO3736.html [2010-06-18 18:18:59 | 000,002,432 | ---- | M] () -- 
C:\Users\AD\AppData\Local\TempTh3408.html [2010-06-18 18:18:59 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempvT3408.html [2010-06-18 15:25:07 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempzq3660.html [2010-06-18 15:25:07 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempdY3660.html [2010-06-18 13:46:27 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempOG3420.html [2010-06-18 13:46:27 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPM3420.html [2010-06-18 12:24:54 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWk3476.html [2010-06-18 12:24:54 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkH3476.html [2010-06-17 23:40:36 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempel3380.html [2010-06-17 23:40:36 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBz3380.html [2010-06-17 12:51:54 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkJ3432.html [2010-06-17 12:51:54 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempHn3432.html [2010-06-16 21:50:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TemprZ3644.html [2010-06-16 21:50:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempGW3644.html [2010-06-16 16:06:41 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempJr4456.html [2010-06-16 16:06:41 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWl4456.html [2010-06-16 14:38:37 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempUM3676.html [2010-06-16 14:38:37 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemphW3676.html [2010-06-16 11:59:03 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNg3772.html [2010-06-16 11:59:03 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempDI3772.html [2010-06-16 11:53:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRe3364.html [2010-06-16 11:53:24 | 000,002,089 | ---- | M] () -- 
C:\Users\AD\AppData\Local\TempVW3364.html [2010-06-15 21:38:43 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempTA3432.html [2010-06-15 21:38:43 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempWr3432.html [2010-06-15 16:38:17 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempzQ3472.html [2010-06-15 16:38:17 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempmO3472.html [2010-06-15 12:22:14 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk [2010-06-15 12:22:14 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk [2010-06-15 12:09:26 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk [2010-06-15 10:06:10 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempqH1376.html [2010-06-15 10:06:10 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempOm1376.html [2010-06-14 23:27:42 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBI3892.html [2010-06-14 23:27:42 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Temppz3892.html [2010-06-14 08:19:24 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempkC3464.html [2010-06-14 08:19:24 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempDT3464.html [2010-06-13 22:24:20 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempjM3512.html [2010-06-13 22:24:20 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempLC3512.html [2010-06-13 13:16:02 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Temppb3896.html [2010-06-13 13:16:02 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempid3896.html [2010-06-12 23:18:55 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Flower Paradise.lnk [2010-06-12 23:16:52 | 000,002,176 | ---- | M] () -- C:\Users\AD\Desktop\Season Match.lnk [2010-06-12 23:16:52 | 000,002,076 | ---- | M] () -- 
C:\Users\AD\Desktop\AllGamesHome.com.lnk [2010-06-12 21:49:27 | 000,002,190 | ---- | M] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk [2010-06-12 21:42:00 | 000,002,246 | ---- | M] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk [2010-06-12 20:22:56 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempmu4008.html [2010-06-12 20:22:56 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempNS4008.html [2010-06-12 16:07:15 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempaf3956.html [2010-06-12 16:07:15 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYm3956.html [2010-06-12 13:04:34 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQJ3400.html [2010-06-12 13:04:34 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempqd3400.html [2010-06-11 19:42:42 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRh3460.html [2010-06-11 19:42:42 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempZX3460.html [2010-06-11 15:25:52 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYM3992.html [2010-06-11 15:25:52 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempvn3992.html [2010-06-11 14:44:30 | 000,339,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-06-11 14:42:58 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempRi3848.html [2010-06-11 14:42:58 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempba3848.html [2010-06-10 21:25:35 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempth3596.html [2010-06-10 21:25:35 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempBS3596.html [2010-06-10 15:53:23 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempqY3884.html [2010-06-10 15:53:23 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempyO3884.html [2010-06-09 21:54:13 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempyh3856.html [2010-06-09 21:54:13 | 000,002,089 | ---- | M] () -- 
C:\Users\AD\AppData\Local\TempnZ3856.html [2010-06-09 19:21:12 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempFE3828.html [2010-06-09 19:21:12 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempYS3828.html [2010-06-09 10:38:33 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempQe3368.html [2010-06-09 10:38:33 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPT3368.html [2010-06-09 01:07:17 | 000,002,204 | ---- | M] () -- C:\Users\AD\Desktop\Season Match 2.lnk [2010-06-08 23:19:07 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempMQ3120.html [2010-06-08 23:19:07 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempzf3120.html [2010-06-08 09:11:16 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempoX3564.html [2010-06-08 09:11:16 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempfp3564.html [2010-06-07 23:27:59 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempoB1444.html [2010-06-07 23:27:59 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempeS1444.html [2010-06-07 17:48:19 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempMB3900.html [2010-06-07 17:48:19 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempUI3900.html [2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010-06-07 14:08:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2010-06-07 13:58:26 | 378,481,703 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-06-07 12:17:05 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPo3860.html [2010-06-07 12:17:05 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempPA3860.html [2010-06-07 12:14:53 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempck3780.html [2010-06-07 12:14:53 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempkx3780.html [2010-06-01 12:15:50 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TempJa1292.html [2010-06-01 12:15:50 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TemplO1292.html [2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms [2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms [2010-06-01 09:18:09 | 000,065,536 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf [2010-05-31 15:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2010-05-28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2010-05-28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2010-05-27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010-05-27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010-05-27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010-05-27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-06-20 12:36:16 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempzB3796.html 
[2010-06-20 12:36:16 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempyN3796.html [2010-06-20 09:27:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempXe4020.html [2010-06-20 09:27:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempZh4020.html [2010-06-20 07:50:43 | 000,001,015 | ---- | C] () -- C:\Users\AD\Desktop\SpeedFan.lnk [2010-06-20 07:50:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2010-06-20 07:31:23 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempfy3752.html [2010-06-20 07:31:23 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempyS3752.html [2010-06-19 23:32:24 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk [2010-06-19 21:39:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Temply3468.html [2010-06-19 21:39:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempox3468.html [2010-06-19 12:32:11 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk [2010-06-19 11:21:42 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempsB3364.html [2010-06-19 11:21:42 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBX3364.html [2010-06-19 11:03:18 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2010-06-19 11:03:18 | 000,000,182 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url [2010-06-19 11:03:17 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll [2010-06-19 08:25:33 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempvv4464.html [2010-06-19 08:25:33 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNT4464.html [2010-06-19 07:58:52 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempEk3500.html [2010-06-19 07:58:52 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempjn3500.html [2010-06-18 22:10:34 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYY3448.html [2010-06-18 
22:10:34 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempCr3448.html [2010-06-18 19:11:24 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQf3736.html [2010-06-18 19:11:24 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TemppO3736.html [2010-06-18 17:48:51 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTh3408.html [2010-06-18 17:48:51 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempvT3408.html [2010-06-18 13:47:52 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempzq3660.html [2010-06-18 13:47:52 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempdY3660.html [2010-06-18 13:05:18 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempOG3420.html [2010-06-18 13:05:18 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPM3420.html [2010-06-18 06:53:29 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWk3476.html [2010-06-18 06:53:29 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkH3476.html [2010-06-17 13:06:03 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempel3380.html [2010-06-17 13:06:03 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBz3380.html [2010-06-17 08:14:46 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkJ3432.html [2010-06-17 08:14:46 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempHn3432.html [2010-06-16 18:19:54 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TemprZ3644.html [2010-06-16 18:19:54 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempGW3644.html [2010-06-16 16:05:24 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempJr4456.html [2010-06-16 16:05:24 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWl4456.html [2010-06-16 14:02:47 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempUM3676.html [2010-06-16 14:02:47 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TemphW3676.html [2010-06-16 
11:55:01 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNg3772.html [2010-06-16 11:55:01 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempDI3772.html [2010-06-16 08:06:51 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRe3364.html [2010-06-16 08:06:51 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempVW3364.html [2010-06-15 16:39:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTA3432.html [2010-06-15 16:39:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempWr3432.html [2010-06-15 12:54:30 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempzQ3472.html [2010-06-15 12:54:30 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempmO3472.html [2010-06-15 12:22:14 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk [2010-06-15 12:22:14 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk [2010-06-15 12:09:26 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk [2010-06-15 08:29:00 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempqH1376.html [2010-06-15 08:29:00 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempOm1376.html [2010-06-14 11:58:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBI3892.html [2010-06-14 11:58:10 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Temppz3892.html [2010-06-14 07:53:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempkC3464.html [2010-06-14 07:53:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempDT3464.html [2010-06-13 18:49:23 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempjM3512.html [2010-06-13 18:49:23 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempLC3512.html [2010-06-13 09:05:42 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Temppb3896.html [2010-06-13 09:05:42 | 000,002,089 | 
---- | C] () -- C:\Users\AD\AppData\Local\Tempid3896.html [2010-06-12 23:18:55 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Flower Paradise.lnk [2010-06-12 23:16:52 | 000,002,176 | ---- | C] () -- C:\Users\AD\Desktop\Season Match.lnk [2010-06-12 21:49:27 | 000,002,190 | ---- | C] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk [2010-06-12 21:49:27 | 000,002,076 | ---- | C] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk [2010-06-12 21:42:00 | 000,002,246 | ---- | C] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk [2010-06-12 20:07:58 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempmu4008.html [2010-06-12 20:07:58 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempNS4008.html [2010-06-12 14:16:37 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempaf3956.html [2010-06-12 14:16:37 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYm3956.html [2010-06-12 06:29:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQJ3400.html [2010-06-12 06:29:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempqd3400.html [2010-06-11 16:33:58 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRh3460.html [2010-06-11 16:33:58 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempZX3460.html [2010-06-11 14:45:08 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYM3992.html [2010-06-11 14:45:08 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempvn3992.html [2010-06-11 07:54:38 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempRi3848.html [2010-06-11 07:54:38 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempba3848.html [2010-06-10 15:55:59 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempth3596.html [2010-06-10 15:55:59 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempBS3596.html [2010-06-10 07:24:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempqY3884.html [2010-06-10 07:24:10 | 000,002,089 | ---- | C] () 
-- C:\Users\AD\AppData\Local\TempyO3884.html [2010-06-09 20:05:57 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempyh3856.html [2010-06-09 20:05:57 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempnZ3856.html [2010-06-09 12:35:37 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempFE3828.html [2010-06-09 12:35:37 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempYS3828.html [2010-06-09 07:28:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempQe3368.html [2010-06-09 07:28:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPT3368.html [2010-06-09 01:07:17 | 000,002,204 | ---- | C] () -- C:\Users\AD\Desktop\Season Match 2.lnk [2010-06-08 13:44:34 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempMQ3120.html [2010-06-08 13:44:34 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempzf3120.html [2010-06-08 08:01:56 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempoX3564.html [2010-06-08 08:01:56 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempfp3564.html [2010-06-07 21:57:10 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempoB1444.html [2010-06-07 21:57:10 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempeS1444.html [2010-06-07 13:59:08 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempMB3900.html [2010-06-07 13:59:08 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempUI3900.html [2010-06-07 12:17:05 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPo3860.html [2010-06-07 12:17:05 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempPA3860.html [2010-06-07 11:54:45 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempck3780.html [2010-06-07 11:54:45 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempkx3780.html [2010-06-01 09:53:29 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TempJa1292.html [2010-06-01 09:53:29 | 000,002,089 | ---- | C] () -- 
C:\Users\AD\AppData\Local\TemplO1292.html [2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms [2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms [2010-06-01 09:18:09 | 000,065,536 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf [2010-05-31 15:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010-05-28 02:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2010-03-26 07:39:38 | 000,000,451 | ---- | C] () -- C:\Windows\wininit.ini [2010-03-23 16:30:44 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010-03-21 13:12:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-03-07 09:34:41 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [color="#e56717"]========== Alternate Data Streams ==========[/color] < End of report >[/log] [color="#ff0000"]//inserting [log] tags //raaz[/color]
Tomek01 comment 20 June 2010 (edited) Uninstall Ask Toolbar, XfireXO Toolbar, DAEMON Tools Toolbar. In OTL, paste the following into the Custom scan/fixes window: [code]:Processes Explorer.exe :OTL IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" [2010-04-08 08:12:34 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.
com [2010-03-11 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com [2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml [2010-04-21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:1ECED34B @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:2E49D185 @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:EE3A2438 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:64170090 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:123A86B5 @Alternate Data Stream - 147 bytes 
-> C:\ProgramData\Temp:FAB64002 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:6C75AF4C @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AF4D7176 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:04A88719 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8DA5A13A @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:49E1AC32 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E26EE1D @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1D4140C3 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:95659AC5 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:615E8DBB @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:3BA734DE @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:32FFF2D1 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0E0E9645 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:92D91D7E @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7AB36AC8 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6247E766 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E6BA54F4 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4AC5AE3E @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2E45FA8F @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:602146E4 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:D5AB4AD5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C3A1351B @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3778F8BC @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:287E7337 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CFAE7666 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:97C6B915 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:90A2AD6F @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:599BCADA @Alternate Data Stream - 
135 bytes -> C:\ProgramData\Temp:409D7106 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC836199 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FC1777D7 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E411AA0D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E3BD4B99 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6F3094D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8B4B9596 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7BB47057 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:62A22B09 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5A2D0810 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EF0C5444 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:643C37D8 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D6BEA85D @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:439A20A3 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FA78B902 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D632169E @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:717DE6A0 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:90C12AC3 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8B4640AA @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:878ECA8B @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F7CA538B @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CB21167F @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C0DFB793 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:AF87C9F8 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:701FCC18 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:603FD11D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8678F6BD @Alternate 
Data Stream - 128 bytes -> C:\ProgramData\Temp:7314FCCB @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:06E16783 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0309525F @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:52F4CBFF @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E07EA07E @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BA21F28A @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:939A4172 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:88C60511 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:81D20369 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2BFCDF84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DB258930 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B2D21B9B @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:63387B59 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0355E87F @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1FFC9F3 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2FBB2B9B @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB65A4AA @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB4762D2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E5946EFF @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:AF4CC666 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:85B3C587 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2D0DFF22 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1D8B732A @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:08390D61 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DC9E0AAE @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4E2A5A6D 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:488F7244 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41D1C7CB @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F78518BB @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D890DD02 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0C9CD455 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CA0CE093 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C552BEDE @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5197985B @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0A4803EE @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C1F2FA44 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5D17C178 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:14A7B409 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EDC68C62 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A18FA397 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:89A5891E @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3BD4D405 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:21BB9E99 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C8D5426 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:9C31E38F @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:98DFF516 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7751B8B3 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AD780847 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7174C105 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:441D63A8 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:3AD6342E @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:22B52633 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A05F750A @Alternate Data Stream - 111 bytes -> 
C:\ProgramData\Temp:A798EB56 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:84CFEE62 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CD177A07 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:3ADB6F65 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:5FBC2BC4 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:1E5EC928 @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D8139E6A @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3745E745 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:FA206A00 @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:63B38619 :Files C:\Windows\SysWow64\uc_wepic_launching.dll C:\Windows\SysWow64\uc_rohan_launching.dll C:\Windows\SysWow64\uc_neosteam_launching.dll C:\Windows\SysWow64\uc_sfighters_launching.dll C:\Windows\SysWow64\uc_luminary_launching.dll C:\Windows\SysWow64\ijjiSetup.exe C:\Windows\SysWow64\ijjiChannelingPlugin.dll C:\Windows\SysWow64\uc_holybeast_launching.dll C:\Windows\SysWow64\ijjiProcessRestarter.exe C:\Windows\SysWow64\uc_atlantica_launching.dll C:\Windows\SysWow64\ijjiPlugin2.dll C:\Program Files (x86)\ijji C:\Users\Public\Desktop\ijji.url C:\Users\AD\AppData\Local\TempzB3796.html C:\Users\AD\AppData\Local\TempyN3796.html C:\Users\AD\AppData\Local\TempXe4020.html C:\Users\AD\AppData\Local\TempZh4020.html C:\Users\AD\AppData\Local\Tempfy3752.html C:\Users\AD\AppData\Local\TempyS3752.html C:\Users\AD\AppData\Local\Temply3468.html C:\Users\AD\AppData\Local\Tempox3468.html C:\Users\AD\AppData\Local\TempsB3364.html C:\Users\AD\AppData\Local\TempBX3364.html C:\Users\AD\AppData\Local\Tempvv4464.html C:\Users\AD\AppData\Local\TempNT4464.html C:\Users\AD\AppData\Local\TempEk3500.html C:\Users\AD\AppData\Local\Tempjn3500.html C:\Users\AD\AppData\Local\TempYY3448.html C:\Users\AD\AppData\Local\TempCr3448.html C:\Users\AD\AppData\Local\TempQf3736.html 
C:\Users\AD\AppData\Local\TemppO3736.html C:\Users\AD\AppData\Local\TempTh3408.html C:\Users\AD\AppData\Local\TempvT3408.html C:\Users\AD\AppData\Local\Tempzq3660.html C:\Users\AD\AppData\Local\TempdY3660.html C:\Users\AD\AppData\Local\TempOG3420.html C:\Users\AD\AppData\Local\TempPM3420.html C:\Users\AD\AppData\Local\TempWk3476.html C:\Users\AD\AppData\Local\TempkH3476.html C:\Users\AD\AppData\Local\Tempel3380.html C:\Users\AD\AppData\Local\TempBz3380.html C:\Users\AD\AppData\Local\TempkJ3432.html C:\Users\AD\AppData\Local\TempHn3432.html C:\Users\AD\AppData\Local\TemprZ3644.html C:\Users\AD\AppData\Local\TempGW3644.html C:\Users\AD\AppData\Local\TempJr4456.html C:\Users\AD\AppData\Local\TempWl4456.html C:\Users\AD\AppData\Local\TempUM3676.html C:\Users\AD\AppData\Local\TemphW3676.html C:\Users\AD\AppData\Local\TempNg3772.html C:\Users\AD\AppData\Local\TempDI3772.html C:\Users\AD\AppData\Local\TempRe3364.html C:\Users\AD\AppData\Local\TempVW3364.html C:\Users\AD\AppData\Local\TempTA3432.html C:\Users\AD\AppData\Local\TempWr3432.html C:\Users\AD\AppData\Local\TempzQ3472.html C:\Users\AD\AppData\Local\TempmO3472.html C:\Users\AD\AppData\Local\TempqH1376.html C:\Users\AD\AppData\Local\TempOm1376.html C:\Users\AD\AppData\Local\TempBI3892.html C:\Users\AD\AppData\Local\Temppz3892.html C:\Users\AD\AppData\Local\TempkC3464.html C:\Users\AD\AppData\Local\TempDT3464.html C:\Users\AD\AppData\Local\TempjM3512.html C:\Users\AD\AppData\Local\TempLC3512.html C:\Users\AD\AppData\Local\Temppb3896.html C:\Users\AD\AppData\Local\Tempid3896.html C:\Users\AD\AppData\Local\Tempmu4008.html C:\Users\AD\AppData\Local\TempNS4008.html C:\Users\AD\AppData\Local\Tempaf3956.html C:\Users\AD\AppData\Local\TempYm3956.html C:\Users\AD\AppData\Local\TempQJ3400.html C:\Users\AD\AppData\Local\Tempqd3400.html C:\Users\AD\AppData\Local\TempRh3460.html C:\Users\AD\AppData\Local\TempZX3460.html C:\Users\AD\AppData\Local\TempYM3992.html C:\Users\AD\AppData\Local\Tempvn3992.html 
C:\Users\AD\AppData\Local\TempRi3848.html C:\Users\AD\AppData\Local\Tempba3848.html C:\Users\AD\AppData\Local\Tempth3596.html C:\Users\AD\AppData\Local\TempBS3596.html C:\Users\AD\AppData\Local\TempqY3884.html C:\Users\AD\AppData\Local\TempyO3884.html C:\Users\AD\AppData\Local\Tempyh3856.html C:\Users\AD\AppData\Local\TempnZ3856.html C:\Users\AD\AppData\Local\TempFE3828.html C:\Users\AD\AppData\Local\TempYS3828.html C:\Users\AD\AppData\Local\TempQe3368.html C:\Users\AD\AppData\Local\TempPT3368.html C:\Users\AD\AppData\Local\TempMQ3120.html C:\Users\AD\AppData\Local\Tempzf3120.html C:\Users\AD\AppData\Local\TempoX3564.html C:\Users\AD\AppData\Local\Tempfp3564.html C:\Users\AD\AppData\Local\TempoB1444.html C:\Users\AD\AppData\Local\TempeS1444.html C:\Users\AD\AppData\Local\TempMB3900.html C:\Users\AD\AppData\Local\TempUI3900.html C:\Users\AD\AppData\Local\TempPo3860.html C:\Users\AD\AppData\Local\TempPA3860.html C:\Users\AD\AppData\Local\Tempck3780.html C:\Users\AD\AppData\Local\Tempkx3780.html C:\Users\AD\AppData\Local\TempJa1292.html C:\Users\AD\AppData\Local\TemplO1292.html C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blfC:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf :Commands [emptytemp] [start explorer] [Reboot][/code] Click Run Fix; the computer will restart. Attach the removal log and new OTL and RSIT logs.
Kafar0z0 comment 20 June 2010 Author Here are the removal logs: [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found. File C:\Program Files (x86)\XfireXO\tbXfir.dll not found. Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found. File C:\Program Files (x86)\XfireXO\tbXfir.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "XfireXO Customized Web Search"FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119 removed from browser.search.selectedEngine Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" removed from extensions.enabledItems Folder C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\DTToolbar@toolbarnet.\ not found. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\logs folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\datastore folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-11-Mar-2010-21-17-52-GMT folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-08-Mar-2010-17-48-36-GMT folder moved successfully. 
C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\toolbar@ask.com folder moved successfully. C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\askcom.xml moved successfully. C:\Users\AD\AppData\Roaming\Mozilla\FireFox\Profiles\7ol6ta0j.default\searchplugins\conduit.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found. File C:\Program Files (x86)\XfireXO\tbXfir.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found. File C:\Program Files (x86)\XfireXO\tbXfir.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. 
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. ========== FILES ========== C:\Windows\SysWow64\uc_wepic_launching.dll moved successfully. C:\Windows\SysWow64\uc_rohan_launching.dll moved successfully. C:\Windows\SysWow64\uc_neosteam_launching.dll moved successfully. C:\Windows\SysWow64\uc_sfighters_launching.dll moved successfully.
C:\Windows\SysWow64\uc_luminary_launching.dll moved successfully. C:\Windows\SysWow64\ijjiSetup.exe moved successfully. C:\Windows\SysWow64\ijjiChannelingPlugin.dll moved successfully. C:\Windows\SysWow64\uc_holybeast_launching.dll moved successfully. C:\Windows\SysWow64\ijjiProcessRestarter.exe moved successfully. C:\Windows\SysWow64\uc_atlantica_launching.dll moved successfully. C:\Windows\SysWow64\ijjiPlugin2.dll moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\tos\terms folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\tos folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\styles\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\styles folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\scripts folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\es folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg\de folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang\msg folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\lang folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\includes folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\sub folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor\en\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\reactor folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main\thumb folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main\en folder moved successfully. 
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\main folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v5 folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\es folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup\de folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\popup folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\es folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide\de folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\guide folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\es\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\es folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\wepic folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sun folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfront folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfighters folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\rohan folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\neo folder moved successfully. 
C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\lunia folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\luminary folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\karos folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\karma folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\huxley folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\holybeast folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\gunz folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\drift folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\ava folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\atlantica folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en\ad folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\en folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\de\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor\de folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4\reactor folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images\v4 folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\images folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\styles\v5 folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\styles folder moved successfully. 
C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\scripts\jquery folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\common\scripts folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline\common folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR\offline folder moved successfully. C:\Program Files (x86)\ijji\ijji REACTOR folder moved successfully. C:\Program Files (x86)\ijji folder moved successfully. C:\Users\Public\Desktop\ijji.url moved successfully. File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms scheduled to be moved on reboot. File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms scheduled to be moved on reboot. File\Folder C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blfC:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00. not found. File\Folder Wdf not found. ========== COMMANDS ========== [EMPTYTEMP] User: AD ->Temp folder emptied: 2244743221 bytes ->Temporary Internet Files folder emptied: 69983349 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 60838217 bytes ->Google Chrome cache emptied: 6168310 bytes ->Flash cache emptied: 18660 bytes User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ewa ->Temp folder emptied: 37925588 bytes ->Temporary Internet Files folder emptied: 49626653 bytes ->Java cache emptied: 39263 bytes ->FireFox cache emptied: 73473940 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 45892 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 12587787 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes RecycleBin emptied: 5882280718 bytes Total Files Cleaned = 8 053,00 mb OTL by OldTimer - Version
3.2.6.0 log created on 06202010_214717 Files\Folders moved on Reboot... File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms scheduled to be moved on reboot. File move failed. C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms scheduled to be moved on reboot. C:\Users\AD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... [/log]
[b]OTL logs[/b]
[log]OTL logfile created on: 2010-06-20 21:55:13 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,95 Gb Total Space | 249,16 Gb Free Space | 54,29% Space Free | Partition Type: NTFS Drive D: | 459,46 Gb Total Space | 421,50 Gb Free Space | 91,74% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AD-KOMPUTER Current User Name: AD Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#e56717"]========== Processes (SafeList) ==========[/color] PRC - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe PRC - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010-05-28 02:08:46 | 003,493,264 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe PRC - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe PRC - [2010-04-02 11:40:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010-03-22 07:36:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe PRC - [2010-03-05 17:14:38 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe PRC - [2010-02-02 23:45:50 | 014,252,952 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files (x86)\ipla\ipla.exe PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) 
-- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009-10-13 00:44:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009-09-29 12:31:58 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009-09-29 11:51:14 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009-09-10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009-08-18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009-08-12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009-08-04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) 
-- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009-07-14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009-06-05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [color="#e56717"]========== Modules (SafeList) ==========[/color] MOD - [2010-06-20 15:15:22 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\AD\Desktop\Pobieranie\OTL.exe MOD - [2010-05-28 02:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll MOD - [2009-09-29 12:32:24 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll MOD - [2009-07-14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-07-14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll [color="#e56717"]========== 
Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-06-09 19:21:43 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV:[b]64bit:[/b] - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:[b]64bit:[/b] - [2009-07-04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2010-05-03 23:12:00 | 003,584,240 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010-04-14 16:16:16 | 000,078,104 | ---- | M] (iWin Inc.) 
[Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010-03-12 17:47:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010-03-05 17:14:41 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files (x86)\Thomson\ST330\service\st330service.exe -- (st330service) SRV - [2009-09-10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009-08-28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009-08-25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009-08-13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009-06-05 04:03:06 | 000,354,840 | ---- | M] 
(Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel® [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010-05-06 22:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2010-05-06 22:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2010-05-06 22:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2010-05-06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2010-05-06 22:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2010-03-13 10:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-03-03 14:08:17 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp) DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH) DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330) DRV:[b]64bit:[/b] - [2010-03-03 13:53:56 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS) DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft 
Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:[b]64bit:[/b] - [2009-11-09 05:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:[b]64bit:[/b] - [2009-11-04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:[b]64bit:[/b] - [2009-11-04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:[b]64bit:[/b] - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:[b]64bit:[/b] - [2009-09-23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel® DRV:[b]64bit:[/b] - [2009-08-24 15:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64) DRV:[b]64bit:[/b] - [2009-07-18 07:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:[b]64bit:[/b] - [2009-07-14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt) DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb) DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:[b]64bit:[/b] - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:[b]64bit:[/b] - [2009-07-13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-06-26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2009-06-20 00:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-06-05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:[b]64bit:[/b] - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:[b]64bit:[/b] - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb) DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2009-06-02 13:15:30 | 000,060,464 | ---- | M] 
(Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -- (mwlPSDVDisk) DRV - [2009-06-02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2009-06-02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -- (mwlPSDNServ) DRV - [2009-04-06 09:08:04 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2007-02-07 20:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2003-10-10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2003-10-10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
[url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_m5810&r=17360310lm06973454kj5qp9k39l2o"]http://homepage.acer...454kj5qp9k39l2o[/url] IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://alawar.pl"]http://alawar.pl[/url] IE - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#e56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5 FF - prefs.js..extensions.enabledItems: 
{98e34367-8df7-42b4-837b-20b892ff0849}:1.6 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010-03-07 00:12:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-06-19 11:03:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-06-19 11:03:16 | 000,000,000 | ---D | M] [2010-03-05 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Extensions [2010-06-20 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions [2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2010-03-05 18:44:19 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010-06-07 14:08:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-06-07 14:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll [2009-07-02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:[b]64bit:[/b] - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [diagnostics] C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium) O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\oem\setEvent.exe File not found O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) 
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-3243869201-1601559229-3016938548-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\AD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-06-20 21:47:17 | 000,000,000 | ---D | C] -- C:\_OTL [2010-06-20 12:50:02 | 000,362,656 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe [2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll [2010-06-20 12:50:02 | 000,051,360 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll [2010-06-20 12:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN [2010-06-20 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Local\PMB Files [2010-06-20 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010-06-20 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2010-06-20 07:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2010-06-19 21:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010-06-19 12:33:45 | 
003,584,240 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2010-06-19 12:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2010-06-15 12:23:41 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\Skunk Studios [2010-06-15 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Explorer - Contraband Mystery [2010-06-15 12:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flux Family Secrets - The Rabbit Hole Collectors Edition [2010-06-13 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2010-06-12 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\AD\AppData\Roaming\PlayFirst [2010-06-11 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar [2010-06-11 08:01:25 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010-06-11 08:01:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010-06-11 08:01:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010-06-11 08:01:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010-06-11 08:01:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010-06-11 08:01:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010-06-11 08:01:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010-06-11 08:01:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010-06-11 08:01:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010-06-10 10:05:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll [2010-06-10 10:05:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\asycfilt.dll [2010-06-10 09:59:31 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010-06-10 09:59:31 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010-06-10 09:59:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010-06-10 09:59:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010-06-09 23:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FireGlow [2010-06-09 19:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010-06-09 19:21:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010-06-07 19:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\The Game Equation [2010-06-07 14:08:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010-06-07 14:08:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010-06-07 14:08:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [color="#e56717"]========== Files - Modified Within 30 Days ==========[/color] [2010-06-20 21:54:51 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-06-20 21:54:51 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-06-20 21:54:51 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-06-20 21:54:51 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-06-20 21:54:51 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-06-20 21:50:21 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\TemphS3856.html [2010-06-20 21:50:21 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempTr3856.html [2010-06-20 21:50:14 | 002,621,440 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT [2010-06-20 21:49:29 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-06-20 21:49:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-06-20 21:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-06-20 21:49:15 | 3163,877,376 | -HS- | M] () -- C:\hiberfil.sys [2010-06-20 21:48:30 | 033,458,680 | -H-- | M] () -- C:\Users\AD\AppData\Local\IconCache.db [2010-06-20 21:47:17 | 000,002,432 | ---- | M] () -- C:\Users\AD\AppData\Local\Tempcy3808.html [2010-06-20 21:47:17 | 000,002,089 | ---- | M] () -- C:\Users\AD\AppData\Local\TempCJ3808.html [2010-06-20 21:39:05 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-06-20 21:14:53 | 000,000,137 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.url [2010-06-20 21:14:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-06-20 21:14:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-06-20 07:50:43 | 000,001,015 | ---- | M] () -- 
C:\Users\AD\Desktop\SpeedFan.lnk [2010-06-20 07:50:42 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2010-06-19 23:32:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010-06-19 15:34:36 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010-06-19 12:32:11 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk [2010-06-19 11:03:18 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2010-06-15 12:22:14 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk [2010-06-15 12:22:14 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk [2010-06-15 12:09:26 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk [2010-06-12 23:18:55 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Flower Paradise.lnk [2010-06-12 23:16:52 | 000,002,176 | ---- | M] () -- C:\Users\AD\Desktop\Season Match.lnk [2010-06-12 23:16:52 | 000,002,076 | ---- | M] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk [2010-06-12 21:49:27 | 000,002,190 | ---- | M] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk [2010-06-12 21:42:00 | 000,002,246 | ---- | M] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk [2010-06-11 14:44:30 | 000,339,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-06-09 01:07:17 | 000,002,204 | ---- | M] () -- C:\Users\AD\Desktop\Season Match 2.lnk [2010-06-07 14:08:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010-06-07 14:08:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010-06-07 14:08:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2010-06-07 13:58:26 | 378,481,703 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms [2010-06-01 09:18:09 | 000,524,288 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms [2010-06-01 09:18:09 | 000,065,536 | -HS- | M] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf [2010-05-31 15:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2010-05-28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2010-05-28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2010-05-27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010-05-27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010-05-27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010-05-27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-06-20 21:50:21 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\TemphS3856.html [2010-06-20 21:50:21 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempTr3856.html [2010-06-20 21:14:53 | 000,000,137 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.url [2010-06-20 21:07:40 | 000,002,432 | ---- | C] () -- C:\Users\AD\AppData\Local\Tempcy3808.html [2010-06-20 21:07:40 | 000,002,089 | ---- | C] () -- C:\Users\AD\AppData\Local\TempCJ3808.html [2010-06-20 07:50:43 | 000,001,015 | ---- | C] () -- C:\Users\AD\Desktop\SpeedFan.lnk [2010-06-20 07:50:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo 
[2010-06-19 23:32:24 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Lost Lagoon The Trail of Destiny.lnk [2010-06-19 12:32:11 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk [2010-06-19 11:03:18 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2010-06-19 11:03:17 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll [2010-06-15 12:22:14 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Play Explorer - Contraband Mystery.lnk [2010-06-15 12:22:14 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk [2010-06-15 12:09:26 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Flux Family Secrets - The Rabbit Hole Collectors Edition.lnk [2010-06-12 23:18:55 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Flower Paradise.lnk [2010-06-12 23:16:52 | 000,002,176 | ---- | C] () -- C:\Users\AD\Desktop\Season Match.lnk [2010-06-12 21:49:27 | 000,002,190 | ---- | C] () -- C:\Users\AD\Desktop\Rainbow Web 2.lnk [2010-06-12 21:49:27 | 000,002,076 | ---- | C] () -- C:\Users\AD\Desktop\AllGamesHome.com.lnk [2010-06-12 21:42:00 | 000,002,246 | ---- | C] () -- C:\Users\AD\Desktop\Herod's Lost Tomb.lnk [2010-06-09 01:07:17 | 000,002,204 | ---- | C] () -- C:\Users\AD\Desktop\Season Match 2.lnk [2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000002.regtrans-ms [2010-06-01 09:18:09 | 000,524,288 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TMContainer00000000000000000001.regtrans-ms [2010-06-01 09:18:09 | 000,065,536 | -HS- | C] () -- C:\Users\AD\NTUSER.DAT{c2b17820-6d4d-11df-a214-00016c70cb92}.TM.blf [2010-05-31 15:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010-05-28 02:09:00 | 000,027,536 | ---- | C] () -- 
C:\Windows\SysNative\xfcodec64.dll [2010-03-26 07:39:38 | 000,000,451 | ---- | C] () -- C:\Windows\wininit.ini [2010-03-23 16:30:44 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010-03-21 13:12:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-03-07 09:34:41 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll < End of report >
[b]And the last logs[/b]
OTL Extras logfile created on: 2010-06-20 21:59:49 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\AD\Desktop\Pobieranie 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00%
Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,95 Gb Total Space | 249,16 Gb Free Space | 54,29% Space Free | Partition Type: NTFS Drive D: | 459,46 Gb Total Space | 421,50 Gb Free Space | 91,74% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AD-KOMPUTER Current User Name: AD Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color="#e56717"]========== Authorized Applications List ==========[/color] [color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application 
Error Reporting "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "NVIDIA Drivers" = NVIDIA Drivers "SpeedTouch 330" = SpeedTouch 330 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00170415-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0049D352-1D20-4FFB-8EF6-81CFBDF3ADE5}" = Soul of the Ultimate Nation "{0638268c-b727-4f78-a92b-a4f68176e670}" = Nero 9 Essentials "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = 
ALLConverter to iPhone "{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A "{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = SpellForce - Zakon Świtu "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR "{92C0EEE0-EA16-4B95-84B6-A060B589081B}" = Disciples II - Bunt Elfów "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer "{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online 
Upgrade "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™ "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ALLConverter to 3GP_is1" = ALLConverter to 3GP "ALLConverter to PSP_is1" = ALLConverter to PSP "ALLPlayer_is1" = ALLPlayer V4.X "avast5" = avast! 
Free Antivirus "BFGC" = Big Fish Games: Game Manager "BFG-Explorer - Contraband Mystery" = Explorer: Contraband Mystery "BFG-Flux Family Secrets - The Rabbit Hole Collectors Edition" = Flux Family Secrets: The Rabbit Hole Collector's Edition "BitTorrent" = BitTorrent "Company of Heroes" = Company of Heroes "Flower Paradise" = Flower Paradise (remove only) "Gadu-Gadu 10" = Gadu-Gadu 10 "Herod's Lost Tomb_is1" = Herod's Lost Tomb "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™ "ipla" = ipla 2.1.2 "iWinArcade" = iWin Games (remove only) "Lost Lagoon: The Trail of Destiny" = Lost Lagoon: The Trail of Destiny (remove only) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Neverwinter Nights - Kingmaker" = BioWare Premium Module: Neverwinter Nights - Kingmaker "Neverwinter Nights - ShadowGuard" = BioWare Premium Module: Neverwinter Nights - ShadowGuard "Neverwinter Nights - Witch's Wake" = BioWare Premium Module: Neverwinter Nights - Witch's Wake "PowerISO" = PowerISO "Rainbow Web 2_is1" = Rainbow Web 2 "RealPlayer 12.0" = RealPlayer "Season Match 2_is1" = Season Match 2 "Season Match_is1" = Season Match "SpeedFan" = SpeedFan (remove only) "Spreng- und Abriss-Simulator" = Spreng- und Abriss-Simulator "SubEdit-Player_is1" = SubEdit-Player "Web Games Player Plugin" = Web Games Player Plugin "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "Xfire" = Xfire (remove only) "ZOODomino_is1" = ZOODomino [color="#e56717"]========== HKEY_USERS Uninstall 
List ==========[/color] [HKEY_USERS\S-1-5-21-3243869201-1601559229-3016938548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-06-12 09:36:54 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 04:31:11 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 05:54:43 | Computer Name = AD-Komputer | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 2010-06-13 14:12:42 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0x1158 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b204549107b Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 41db1e33-7717-11df-9fac-00016c70cb92 Error - 2010-06-13 14:20:48 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0xe94 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b25168b1357 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 636c9251-7718-11df-9fac-00016c70cb92 Error - 2010-06-13 14:35:08 | Computer Name 
= AD-Komputer | Source = Application Hang | ID = 1002 Description = Program BF1942.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: f20 Godzina rozpoczęcia: 01cb0b2666e58855 Godzina zakończenia: 92 Ścieżka aplikacji: d:\battlefield 1942\BF1942.exe Identyfikator raportu: Error - 2010-06-13 14:35:45 | Computer Name = AD-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Nazwa modułu powodującego błąd: BF1942.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x417564c4 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x002016fb Identyfikator procesu powodującego błąd: 0xf30 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb0b272fd760f0 Ścieżka aplikacji powodującej błąd: d:\battlefield 1942\BF1942.exe Ścieżka modułu powodującego błąd: d:\battlefield 1942\BF1942.exe Identyfikator raportu: 7a416e0a-771a-11df-9fac-00016c70cb92 Error - 2010-06-14 04:34:05 | Computer Name = AD-Komputer | Source = Google Update | ID = 20 Description = Error - 2010-06-14 05:15:09 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227 Description = Error - 2010-06-14 05:15:20 | Computer Name = AD-Komputer | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 2010-04-22 07:39:16 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error - 2010-04-22 07:39:28 | Computer Name = AD-Komputer | Source = BugCheck | ID = 1001 Description = Error - 2010-04-22 07:39:33 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 08:54:39 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-22 08:54:54 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 11:25:14 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error - 2010-04-22 11:25:27 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 12:29:11 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. 
Error - 2010-04-22 12:29:25 | Computer Name = AD-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: prodrv06 prohlp02 prosync1 sfhlp01 Error - 2010-04-22 14:24:41 | Computer Name = AD-Komputer | Source = Application Popup | ID = 1060 Description = Ładowanie sterownika \SystemRoot\SysWow64\drivers\prodrv06.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. < End of report >[/log] [color="#ff0000"] //remember, logs go inside [log ] [/log ] tags //(without the spaces) //raaz[/color]
Tomek01 commented 20 June 2010
Some leftovers remain. Paste this into OTL:
[code]
:Processes
Explorer.exe
:OTL
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q="
[2010-05-14 20:48:55 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-03-30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Users\AD\AppData\Local\TemphS3856.html
C:\Users\AD\AppData\Local\TempTr3856.html
C:\Users\AD\AppData\Local\Tempcy3808.html
C:\Users\AD\AppData\Local\TempCJ3808.html
C:\Users\Public\Desktop\ijji REACTOR.lnk
:Commands
[emptytemp]
[/code]
Attach the removal log. It should be clean now. As a precaution, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
Kafar0z0 (Author) commented 21 June 2010 [b]Removal log[/b] [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Prefs.js: "XfireXO Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=" removed from keyword.URL Folder C:\Users\AD\AppData\Roaming\mozilla\Firefox\Profiles\7ol6ta0j.default\extensions\{5e5ab302-7f65-44cd-\ not found. C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. ========== FILES ========== C:\Users\AD\AppData\Local\TemphS3856.html moved successfully. C:\Users\AD\AppData\Local\TempTr3856.html moved successfully. C:\Users\AD\AppData\Local\Tempcy3808.html moved successfully. C:\Users\AD\AppData\Local\TempCJ3808.html moved successfully. C:\Users\Public\Desktop\ijji REACTOR.lnk moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: AD ->Temp folder emptied: 223595 bytes ->Temporary Internet Files folder emptied: 205766 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 36593934 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 593 bytes User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ewa ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 35,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06212010_071531 Files\Folders moved on Reboot... C:\Users\AD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. 
Registry entries deleted on Reboot...[/log] [b]M.A.M. report[/b] [log]Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Wersja bazy: 4052 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2010-06-21 08:10:38 mbam-log-2010-06-21 (08-10-38).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowano obiektów: 243870 Upłynęło: 28 minut(y), 54 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 0 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: (Nie znaleziono zagrożeń)[/log] The Dr.Web scan showed that I have two viruses, Tools.PackHack or something like that. [color="#ff0000"]//putting this in [Log] tags //raaz[/color]
Kafar0z0 (Author) commented 22 June 2010 Thanks a lot. I hope this helps somehow with the sound that keeps cutting out.