tequs1, posted 21 December 2010 (edited)

Hello! I'm new to the forum and a bit "green" in this subject. I've had a problem for some time now, namely with processes that put a very heavy load on the processor. The processor is loaded above 75% all the time when I have no game running, only programs such as Steam or GG. I ran the Windows updates and scanned the whole computer with various antivirus programs, etc. However, I don't see any improvement. I was at a friend's place; his computer has a similar configuration and the same Windows, and his processor is loaded only 5%-10%. I think something is wrong and I'm asking for help; thanks in advance.

Screenshot; it has dropped a bit now, but 60% is still a lot: [URL=http://img121.imageshack.us/i/omgyr.png/][IMG]http://img121.imageshack.us/img121/3879/omgyr.th.png[/IMG][/URL]

OTL log:
[log]
Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-12-20 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJack [2010-12-20 15:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010-12-19 23:00:08 | 
000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Malwarebytes [2010-12-19 23:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010-12-19 23:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-12-19 22:59:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010-12-19 22:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010-12-19 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AVG [2010-12-19 22:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-12-19 20:41:31 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AVG10 [2010-12-19 20:39:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2010-12-19 20:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2010-12-19 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2010-12-19 20:38:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2010-12-19 20:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010-12-19 20:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2010-12-19 19:38:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2010-12-19 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Google [2010-12-14 19:58:17 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2010-12-14 19:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative [2010-12-14 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Media Player Classic [2010-12-14 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\BESTplayer [2010-12-10 19:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010-12-10 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Winamp [2010-12-10 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\teq\Desktop\Muza 
[2010-12-09 19:53:05 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\Any Video Converter [2010-12-09 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AnvSoft [2010-12-09 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\OJOsoft Corporation [2010-12-08 19:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010-12-08 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\uTorrent [2010-12-08 18:50:23 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010-12-07 21:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALLPlayer [2010-12-07 21:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLPlayer [2010-12-07 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\ESL Wire Game Client [2010-12-07 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\Nowy folder [2010-12-07 14:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-12-07 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-12-07 14:30:55 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2010-12-07 14:30:50 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2010-12-07 14:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2010-12-07 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2010-12-07 14:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010-12-07 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010-12-07 14:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010-12-07 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010-12-07 14:14:21 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Adobe [2010-12-07 14:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010-12-05 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Microsoft Games [2010-12-02 
15:34:30 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Ahead [2010-12-02 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Ahead [2010-12-02 15:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-12-01 14:27:48 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Rockstar Games [2010-11-22 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010-11-22 15:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010-11-22 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010-11-21 20:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2010-11-21 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\TrackMania [2010-11-15 21:26:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-11-15 20:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2010-11-15 20:05:31 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-11-15 16:05:41 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Diagnostics [2010-11-15 15:59:01 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2010-11-15 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-11-15 15:57:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-11-15 15:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2010-11-15 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Ventrilo [2010-11-15 14:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010-11-15 14:40:30 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010-11-15 14:40:30 | 000,211,376 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSTSH64.dll [2010-11-15 14:40:30 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010-11-15 14:40:30 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010-11-15 14:40:27 | 006,430,208 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe [2010-11-15 14:40:27 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010-11-15 14:40:27 | 000,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2010-11-15 14:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010-11-15 14:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-11-15 14:40:08 | 000,146,528 | ---- | C] (DeviceVM Inc.) -- C:\Windows\SysWow64\dvmurl.dll [2010-11-15 14:40:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-11-15 14:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility [2010-11-15 13:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2010-11-14 19:13:45 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\skypePM [2010-11-14 19:11:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010-11-14 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Skype [2010-11-14 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010-11-14 19:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010-11-14 16:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar [2010-11-14 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\DAEMON Tools Lite [2010-11-14 16:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010-11-14 15:54:00 | 000,000,000 | ---D | C] -- C:\AMD [2010-11-14 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream [2010-11-14 15:53:39 | 
000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\ATI [2010-11-14 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\ATI [2010-11-14 15:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010-11-14 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010-11-14 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010-11-14 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010-11-14 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-11-14 15:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-11-14 15:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010-11-14 15:33:36 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Gadu-Gadu 10 [2010-11-14 15:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010-11-14 15:25:49 | 000,000,000 | ---D | C] -- C:\ATI [2010-11-14 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\ipla [2010-11-14 15:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla [2010-11-14 15:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ipla [2010-11-14 15:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2010-11-14 15:04:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-11-14 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Macromedia [2010-11-14 14:53:38 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Adobe [2010-11-14 14:52:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-11-14 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Mozilla [2010-11-14 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Mozilla [2010-11-14 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010-11-14 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-11-14 
13:57:40 | 000,000,000 | R--D | C] -- C:\Users\teq\Searches [2010-11-14 13:57:32 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Identities [2010-11-14 13:57:30 | 000,000,000 | R--D | C] -- C:\Users\teq\Contacts [2010-11-14 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\VirtualStore [2010-11-14 13:57:23 | 000,000,000 | --SD | C] -- C:\Users\teq\AppData\Roaming\Microsoft [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Videos [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Saved Games [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Pictures [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Music [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Links [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Favorites [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Downloads [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Documents [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Desktop [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Ustawienia lokalne [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Temporary Internet Files [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Szablony [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\SendTo [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Recent [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\PrintHood [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\NetHood [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moje wideo [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moje obrazy [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Moje dokumenty [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moja muzyka [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Menu Start 
[2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Historia [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Dane aplikacji [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Dane aplikacji [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Cookies [2010-11-14 13:57:23 | 000,000,000 | -H-D | C] -- C:\Users\teq\AppData [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Temp [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Microsoft [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Media Center Programs [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-11-14 13:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-11-14 13:49:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-11-14 13:49:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-11-14 13:48:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-11-14 13:48:07 | 000,000,000 | -HSD | C] -- C:\Boot [2010-11-14 13:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM [2010-11-09 22:20:56 | 000,382,032 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgtdia.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-12-20 16:48:50 | 000,002,979 | ---- | M] () -- C:\Users\teq\Desktop\HiJackThis.lnk [2010-12-20 16:13:27 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-12-20 16:13:27 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-12-20 16:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-12-20 16:07:41 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-12-20 16:07:18 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010-12-20 14:42:15 | 102,174,475 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010-12-19 22:07:29 | 000,001,181 | ---- | M] () -- C:\Users\teq\Desktop\AVG PC Tuneup 2011.lnk [2010-12-19 20:39:28 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010-12-19 20:39:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2010-12-19 20:39:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2010-12-19 18:13:55 | 000,002,304 | ---- | M] () -- C:\Users\teq\Desktop\Google Chrome.lnk [2010-12-10 20:46:11 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-12-10 20:46:11 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-12-10 20:46:11 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-12-10 20:46:11 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-12-10 20:46:11 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-12-10 19:53:18 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2010-12-10 15:34:10 | 000,000,716 | ---- | M] () -- C:\Users\teq\Desktop\HLTooLz.LNK [2010-12-09 19:52:20 | 000,000,789 | ---- | M] () -- 
C:\Users\teq\Desktop\Any Video Converter.lnk [2010-12-09 19:49:23 | 000,003,584 | ---- | M] () -- C:\Users\teq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-08 19:31:16 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-12-08 18:48:52 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2010-12-07 21:52:48 | 000,001,023 | ---- | M] () -- C:\Users\teq\Desktop\ALLPlayer V4.5.lnk [2010-12-07 14:49:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010-12-07 14:15:47 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader.lnk [2010-12-06 10:17:24 | 000,169,656 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2010-12-05 12:17:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-12-02 15:33:55 | 000,002,770 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010-11-29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010-11-29 14:14:55 | 000,000,693 | ---- | M] () -- C:\Users\teq\Desktop\Battlefield 1942.lnk [2010-11-26 10:11:08 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2010-11-25 18:29:11 | 000,000,535 | ---- | M] () -- C:\Windows\eReg.dat [2010-11-21 14:07:48 | 000,000,205 | ---- | M] () -- C:\Users\teq\Desktop\TrackMania Nations Forever.url [2010-11-15 21:34:22 | 000,000,017 | ---- | M] () -- C:\Users\teq\AppData\Local\resmon.resmoncfg [2010-11-15 21:26:06 | 307,027,071 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-11-15 21:15:33 | 000,000,905 | ---- | M] () -- C:\Users\teq\Desktop\Shaiya.lnk [2010-11-15 21:05:24 | 000,001,214 | ---- | M] () -- C:\Users\teq\Desktop\Need for Speed Undercover.lnk [2010-11-15 20:07:46 | 000,000,769 | ---- | M] () -- 
C:\Users\teq\Desktop\EVEREST Home Edition.lnk [2010-11-15 20:05:31 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010-11-15 16:07:40 | 000,000,222 | ---- | M] () -- C:\Users\teq\Desktop\Counter-Strike.url [2010-11-15 15:29:40 | 000,000,414 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010-11-15 15:01:16 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2010-11-14 19:13:50 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010-11-14 19:11:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-14 16:10:01 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-14 16:09:44 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-14 15:36:31 | 000,001,107 | ---- | M] () -- C:\Users\teq\Desktop\Ventrilo.lnk [2010-11-14 15:31:48 | 000,001,071 | ---- | M] () -- C:\Users\teq\Desktop\WinRAR.lnk [2010-11-14 15:24:32 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ipla.lnk [2010-11-14 15:05:58 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2010-11-14 15:02:41 | 000,000,203 | ---- | M] () -- C:\Users\teq\Desktop\Counter-Strike Source.url [2010-11-14 15:02:16 | 000,001,247 | ---- | M] () -- C:\Users\teq\Desktop\GTAIV.lnk [2010-11-14 14:09:23 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-14 14:04:01 | 000,000,901 | ---- | M] () -- C:\Users\teq\Desktop\Steam.lnk [2010-11-14 13:57:11 | 000,171,136 | RHS- | M] () -- C:\W7LDR [2010-11-14 13:53:35 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-11-14 13:53:35 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-11-14 13:51:37 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-11-14 13:48:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgtdia.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-20 16:48:50 | 000,002,979 | ---- | C] () -- C:\Users\teq\Desktop\HiJackThis.lnk [2010-12-20 14:42:15 | 102,174,475 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010-12-19 22:07:29 | 000,001,181 | ---- | C] () -- C:\Users\teq\Desktop\AVG PC Tuneup 2011.lnk [2010-12-19 20:39:28 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010-12-19 20:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2010-12-19 20:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2010-12-19 18:13:55 | 000,002,304 | ---- | C] () -- C:\Users\teq\Desktop\Google Chrome.lnk [2010-12-10 19:53:18 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2010-12-10 15:34:10 | 000,000,716 | ---- | C] () -- C:\Users\teq\Desktop\HLTooLz.LNK [2010-12-09 19:52:20 | 000,000,789 | ---- | C] () -- C:\Users\teq\Desktop\Any Video Converter.lnk [2010-12-09 19:49:23 | 000,003,584 | ---- | C] () -- C:\Users\teq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-09 19:48:57 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010-12-08 19:31:16 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-12-07 21:52:48 | 000,001,023 | ---- | C] () -- C:\Users\teq\Desktop\ALLPlayer V4.5.lnk [2010-12-07 21:52:45 | 000,797,184 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax [2010-12-07 21:52:45 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-12-07 21:52:45 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2010-12-07 14:49:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010-12-07 14:30:54 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2010-12-07 14:15:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader.lnk [2010-12-05 12:17:24 | 000,000,000 
| -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-12-02 15:33:55 | 000,002,770 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010-11-29 14:14:55 | 000,000,693 | ---- | C] () -- C:\Users\teq\Desktop\Battlefield 1942.lnk [2010-11-25 18:29:11 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat [2010-11-21 14:07:48 | 000,000,205 | ---- | C] () -- C:\Users\teq\Desktop\TrackMania Nations Forever.url [2010-11-15 21:34:22 | 000,000,017 | ---- | C] () -- C:\Users\teq\AppData\Local\resmon.resmoncfg [2010-11-15 21:26:06 | 307,027,071 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010-11-15 21:15:33 | 000,000,905 | ---- | C] () -- C:\Users\teq\Desktop\Shaiya.lnk [2010-11-15 21:05:24 | 000,001,214 | ---- | C] () -- C:\Users\teq\Desktop\Need for Speed Undercover.lnk [2010-11-15 20:07:46 | 000,000,769 | ---- | C] () -- C:\Users\teq\Desktop\EVEREST Home Edition.lnk [2010-11-15 20:05:31 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010-11-15 15:59:01 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2010-11-15 15:29:40 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-11-15 14:40:57 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss [2010-11-15 14:40:29 | 000,666,112 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll [2010-11-15 14:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010-11-14 19:13:50 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-11-14 19:11:26 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-14 16:10:01 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-14 16:09:44 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-14 15:36:31 | 000,001,107 | ---- | C] () -- C:\Users\teq\Desktop\Ventrilo.lnk [2010-11-14 15:31:48 | 000,001,071 | ---- | C] () -- C:\Users\teq\Desktop\WinRAR.lnk [2010-11-14 15:24:32 | 000,000,955 | ---- | C] () -- 
C:\Users\Public\Desktop\ipla.lnk [2010-11-14 15:05:58 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2010-11-14 15:02:41 | 000,000,203 | ---- | C] () -- C:\Users\teq\Desktop\Counter-Strike Source.url [2010-11-14 15:02:34 | 000,000,222 | ---- | C] () -- C:\Users\teq\Desktop\Counter-Strike.url [2010-11-14 15:02:16 | 000,001,247 | ---- | C] () -- C:\Users\teq\Desktop\GTAIV.lnk [2010-11-14 14:09:23 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-14 14:04:01 | 000,000,901 | ---- | C] () -- C:\Users\teq\Desktop\Steam.lnk [2010-11-14 13:57:11 | 000,171,136 | RHS- | C] () -- C:\W7LDR [2010-11-14 13:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-11-14 13:49:08 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys [2010-11-14 13:48:08 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-11-14 13:48:07 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-12-09 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AnvSoft [2010-12-19 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AVG [2010-12-19 20:41:31 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AVG10 [2010-12-14 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\BESTplayer [2010-11-25 18:01:09 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\DAEMON Tools Lite [2010-12-19 17:10:25 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\Gadu-Gadu 10 [2010-11-14 15:24:56 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\ipla [2010-12-14 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\uTorrent [2009-07-14 06:08:49 | 000,031,270 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check 
==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-11-14 13:48:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-15 15:01:38 | 000,000,010 | ---- | M] () -- C:\csb.log [2010-12-20 16:07:18 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010-12-20 16:07:18 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys [2010-11-15 14:40:57 | 000,000,703 | ---- | M] () -- C:\RHDSetup.log [2010-11-14 13:57:11 | 000,171,136 | RHS- | M] () -- C:\W7LDR [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- 
C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >[/log] OTL Extras [log]OTL Extras logfile created on: 2010-12-20 16:58:41 - Run 1 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\teq\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in 
Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,60 Gb Total Space | 13,89 Gb Free Space | 23,70% Space Free | Partition Type: NTFS Drive D: | 119,36 Gb Total Space | 90,37 Gb Free Space | 75,72% Space Free | Partition Type: NTFS Drive E: | 120,13 Gb Total Space | 97,78 Gb Free Space | 81,39% Space Free | Partition Type: NTFS Computer Name: TEQ-PC | User Name: teq | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1797179490-3010039804-1124486631-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011 "{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64 "{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer 
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding "{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011 "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "AVG" = AVG 2011 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "ESL Wire_is1" = ESL Wire 1.9.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common "{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English "{54862F37-FB81-FDD7-0E47-8E01858213FD}" = Application Profiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy "{66EBD70F-A42C-475F-AEDF-277378151045}" = Nero 7 Essentials "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X 
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "Any Video Converter_is1" = Any Video Converter 3.1.2 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Gadu-Gadu 10" = Gadu-Gadu 10 "ipla" = ipla 2.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "RealAlt_is1" = Real Alternative 2.0.2 "ST6UNST #1" = HLTooLz "ST6UNST #2" = HLTooLz (D:\Program Files (x86)\HLTooLz\) "Steam App 11020" = TrackMania Nations Forever "uTorrent" = µTorrent "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1797179490-3010039804-1124486631-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-12-19 15:37:36 | Computer Name = teq-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: Nie można odnaleźć określonego pliku. . 
Error - 2010-12-19 15:37:36 | Computer Name = teq-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support. System Error: Nie można odnaleźć określonego pliku. . Error - 2010-12-19 15:37:36 | Computer Name = teq-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed System Error: Nie można odnaleźć określonego pliku. . Error - 2010-12-19 15:40:36 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 15:40:36 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 17:39:01 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". 
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 17:39:01 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 18:01:09 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-20 02:09:51 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-20 09:35:59 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. [ Media Center Events ] Error - 2010-11-28 14:04:59 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 19:04:59 - Błąd podczas nawiązywania połączenia z Internetem. 19:04:59 - Nie można skontaktować się z serwerem.. 
Error - 2010-11-28 14:06:12 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 19:06:12 - Błąd podczas nawiązywania połączenia z Internetem. 19:06:12 - Nie można skontaktować się z serwerem.. Error - 2010-12-01 09:01:29 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 14:01:29 - Błąd podczas nawiązywania połączenia z Internetem. 14:01:29 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Klient śledzenia łączy rozproszonych niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Menedżer sesji Menedżera okien pulpitu niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7034 Description = Usługa Host systemu diagnostyki niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Autokonfiguracja sieci WLAN niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa modułu wyliczającego urządzenia przenośne niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. 
Error - 2010-12-19 17:39:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Driver Foundation — User-mode Driver Framework niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-12-19 17:40:31 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Usługa Asystent zgodności programów, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2010-12-20 09:34:55 | Computer Name = teq-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 07:16:02 na ?2010-?12-?20 było nieoczekiwane. Error - 2010-12-20 10:53:27 | Computer Name = teq-PC | Source = bowser | ID = 8003 Description = Error - 2010-12-20 11:19:21 | Computer Name = teq-PC | Source = bowser | ID = 8003 Description = < End of report >[/log] RSIT log [log]Logfile of random's system information tool 1.08 (written by random/random) Run by teq at 2010-12-20 17:09:10 Microsoft Windows 7 Ultimate System drive C: has 14 GB (24%) free of 60 GB Total RAM: 4094 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:09:15, on 2010-12-20 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\teq\Downloads\OTL.exe C:\Users\teq\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\teq.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Steam] "D:\Gry\Steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7201 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll [2010-11-04 2731360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-22 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 
98304] "ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2010-10-22 2745696] "Malwarebytes' Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=D:\Gry\Steam\steam.exe [2010-11-17 1242448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-12-20 17:09:10 ----D---- C:\rsit 2010-12-20 17:09:10 ----D---- C:\Program Files (x86)\trend micro 2010-12-20 
16:48:50 ----D---- C:\Program Files (x86)\HiJack 2010-12-20 15:53:50 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-12-20 15:48:17 ----D---- C:\Program Files (x86)\MSXML 4.0 2010-12-20 15:46:04 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-12-20 15:46:04 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-12-20 15:46:04 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-12-20 15:46:04 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-12-20 15:46:04 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-12-20 15:37:17 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-12-20 15:37:12 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-12-20 15:37:11 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-12-20 15:37:09 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-12-20 15:36:59 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-12-20 15:36:42 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-12-20 15:36:41 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-12-20 15:36:41 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-12-20 15:36:40 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-12-20 15:36:39 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-12-20 15:36:39 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-12-20 15:36:39 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\licmgr10.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-12-20 15:36:38 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-12-20 15:36:35 ----A---- C:\Windows\SysWOW64\comctl32.dll 2010-12-20 15:36:32 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-12-20 15:36:28 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-12-20 15:36:27 ----A---- C:\Windows\SysWOW64\wmploc.DLL 
2010-12-20 15:36:19 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-12-20 15:36:19 ----A---- C:\Windows\explorer.exe 2010-12-20 15:36:16 ----A---- C:\Windows\SysWOW64\taskschd.dll 2010-12-20 15:36:16 ----A---- C:\Windows\SysWOW64\taskeng.exe 2010-12-20 15:36:16 ----A---- C:\Windows\SysWOW64\taskcomp.dll 2010-12-20 15:36:16 ----A---- C:\Windows\SysWOW64\schtasks.exe 2010-12-20 15:36:13 ----A---- C:\Windows\SysWOW64\ole32.dll 2010-12-20 15:36:11 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-12-20 15:36:11 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-12-20 15:36:09 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-12-20 15:36:09 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-12-20 15:36:06 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-12-20 15:36:03 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-12-20 15:36:01 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-12-20 15:36:00 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-12-20 15:35:59 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-12-20 15:35:58 ----A---- C:\Windows\SysWOW64\wmpmde.dll 2010-12-20 15:35:57 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-12-20 15:35:55 ----A---- C:\Windows\SysWOW64\webio.dll 2010-12-20 15:35:54 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-12-20 15:35:53 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-12-20 15:35:52 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll 2010-12-20 15:35:48 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-12-20 15:35:47 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-12-20 15:35:46 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-12-20 
15:35:43 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-12-20 15:35:28 ----A---- C:\Windows\SysWOW64\sscore.dll 2010-12-20 15:35:16 ----A---- C:\Windows\SysWOW64\mfc40u.dll 2010-12-20 15:35:16 ----A---- C:\Windows\SysWOW64\mfc40.dll 2010-12-20 15:35:09 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-12-19 23:00:08 ----D---- C:\Users\teq\AppData\Roaming\Malwarebytes 2010-12-19 23:00:02 ----D---- C:\ProgramData\Malwarebytes 2010-12-19 23:00:02 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys 2010-12-19 22:59:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-12-19 22:08:29 ----D---- C:\Users\teq\AppData\Roaming\AVG 2010-12-19 22:07:37 ----AD---- C:\ProgramData\TEMP 2010-12-19 20:41:31 ----D---- C:\Users\teq\AppData\Roaming\AVG10 2010-12-19 20:39:43 ----HD---- C:\ProgramData\Common Files 2010-12-19 20:39:20 ----D---- C:\Windows\SysWOW64\drivers\AVG 2010-12-19 20:38:27 ----D---- C:\ProgramData\AVG10 2010-12-19 20:35:26 ----D---- C:\Program Files (x86)\AVG 2010-12-19 20:34:00 ----D---- C:\ProgramData\MFAData 2010-12-19 18:51:10 ----A---- C:\Windows\ntbtlog.txt 2010-12-14 19:58:17 ----A---- C:\Windows\SysWOW64\rmoc3260.dll 2010-12-14 19:58:17 ----A---- C:\Windows\SysWOW64\pndx5032.dll 2010-12-14 19:58:17 ----A---- C:\Windows\SysWOW64\pndx5016.dll 2010-12-14 19:58:17 ----A---- C:\Windows\SysWOW64\pncrt.dll 2010-12-14 19:58:17 ----A---- C:\Windows\SysWOW64\msvcp71.dll 2010-12-14 19:58:16 ----D---- C:\Program Files (x86)\Real Alternative 2010-12-14 19:55:04 ----D---- C:\Users\teq\AppData\Roaming\Media Player Classic 2010-12-14 19:47:22 ----D---- C:\Users\teq\AppData\Roaming\BESTplayer 2010-12-10 19:53:17 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2010-12-10 19:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-12-10 19:52:43 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine 2010-12-10 19:52:41 ----D---- C:\Users\teq\AppData\Roaming\Winamp 2010-12-09 19:52:08 ----D---- C:\Users\teq\AppData\Roaming\AnvSoft 2010-12-09 19:48:57 ----A---- 
C:\Windows\SysWOW64\xvidvfw.dll 2010-12-08 19:31:16 ----D---- C:\Program Files (x86)\uTorrent 2010-12-08 19:27:25 ----D---- C:\Users\teq\AppData\Roaming\uTorrent 2010-12-08 18:50:23 ----D---- C:\Windows\pss 2010-12-07 21:52:45 ----D---- C:\ProgramData\ALLPlayer 2010-12-07 21:52:45 ----A---- C:\Windows\SysWOW64\xvidcore.dll 2010-12-07 21:52:45 ----A---- C:\Windows\SysWOW64\libFLAC.dll 2010-12-07 21:52:39 ----D---- C:\Program Files (x86)\ALLPlayer 2010-12-07 14:49:35 ----D---- C:\ProgramData\Alwil Software 2010-12-07 14:30:50 ----D---- C:\ProgramData\ESL Wire 2010-12-07 14:15:42 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-12-07 14:14:27 ----D---- C:\ProgramData\Adobe 2010-12-07 14:14:26 ----D---- C:\Program Files (x86)\Adobe 2010-12-07 14:14:25 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR 2010-12-07 14:13:51 ----D---- C:\ProgramData\McAfee 2010-12-02 15:28:05 ----D---- C:\Users\teq\AppData\Roaming\Ahead 2010-12-02 15:27:57 ----D---- C:\ProgramData\Ahead 2010-12-02 15:25:45 ----D---- C:\ProgramData\Nero 2010-12-02 15:25:45 ----D---- C:\Program Files (x86)\Nero 2010-12-02 15:25:45 ----D---- C:\Program Files (x86)\Common Files\Ahead 2010-12-02 15:24:43 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-12-02 15:24:43 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-11-22 15:53:32 ----D---- C:\ProgramData\Sun 2010-11-22 15:53:31 ----D---- C:\Program Files (x86)\Common Files\Java 2010-11-22 15:52:46 ----A---- C:\Windows\SysWOW64\javaws.exe 2010-11-22 15:52:46 ----A---- C:\Windows\SysWOW64\javaw.exe 2010-11-22 15:52:46 ----A---- C:\Windows\SysWOW64\java.exe 2010-11-22 15:52:46 ----A---- C:\Windows\SysWOW64\deployJava1.dll 2010-11-22 15:52:28 ----D---- C:\Program Files (x86)\Java 2010-11-21 20:25:48 ----D---- C:\ProgramData\TrackMania ======List of files/folders modified in the last 1 months====== 2010-12-20 17:09:10 ----RD---- C:\Program Files (x86) 2010-12-20 16:48:51 ----SHD---- C:\Windows\Installer 2010-12-20 16:48:36 ----SHD---- C:\System Volume 
Information 2010-12-20 16:31:19 ----D---- C:\Windows\Temp 2010-12-20 16:26:37 ----D---- C:\Windows\Microsoft.NET 2010-12-20 16:26:35 ----RSD---- C:\Windows\assembly 2010-12-20 16:08:44 ----D---- C:\Windows\Prefetch 2010-12-20 16:08:32 ----D---- C:\Windows\winsxs 2010-12-20 16:08:13 ----D---- C:\Windows\SysWOW64 2010-12-20 16:05:51 ----D---- C:\Windows\SysWOW64\pl-PL 2010-12-20 16:05:51 ----D---- C:\Windows\System32 2010-12-20 16:05:49 ----D---- C:\Windows\ehome 2010-12-20 16:05:48 ----D---- C:\Program Files (x86)\Windows Mail 2010-12-20 16:05:46 ----D---- C:\Windows 2010-12-20 16:05:44 ----D---- C:\Windows\inf 2010-12-20 16:05:44 ----D---- C:\Program Files (x86)\Windows Media Player 2010-12-20 16:05:43 ----D---- C:\Windows\SysWOW64\migration 2010-12-20 16:05:43 ----D---- C:\Program Files (x86)\Internet Explorer 2010-12-20 15:42:39 ----D---- C:\Windows\debug 2010-12-20 15:38:27 ----D---- C:\Windows\SoftwareDistribution 2010-12-20 15:29:56 ----D---- C:\Windows\Logs 2010-12-20 15:17:44 ----D---- C:\Windows\Tasks 2010-12-19 23:00:07 ----D---- C:\Windows\SysWOW64\drivers 2010-12-19 23:00:02 ----HD---- C:\ProgramData 2010-12-19 22:08:51 ----D---- C:\Windows\Downloaded Program Files 2010-12-19 17:10:25 ----D---- C:\Users\teq\AppData\Roaming\Gadu-Gadu 10 2010-12-17 15:31:41 ----D---- C:\Users\teq\AppData\Roaming\Skype 2010-12-17 15:31:28 ----D---- C:\Users\teq\AppData\Roaming\skypePM 2010-12-10 19:52:43 ----D---- C:\Program Files (x86)\Common Files 2010-12-10 18:44:09 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-12-10 15:33:45 ----N---- C:\Windows\Setup1.exe 2010-12-10 15:33:42 ----A---- C:\Windows\ST6UNST.EXE 2010-12-07 14:49:49 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-12-07 14:49:35 ----RD---- C:\Program Files 2010-12-07 14:22:18 ----SD---- C:\Users\teq\AppData\Roaming\Microsoft 2010-12-07 14:22:18 ----D---- C:\Users\teq\AppData\Roaming\Adobe 2010-12-05 14:11:08 ----SD---- C:\ProgramData\Microsoft 2010-11-25 18:26:37 ----HD---- 
C:\Program Files (x86)\InstallShield Installation Information 2010-11-25 18:25:10 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-11-25 18:01:09 ----D---- C:\Users\teq\AppData\Roaming\DAEMON Tools Lite ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [] R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R2 ESLWireAC;ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [] R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [] R3 ESLvnic1;ESLvnic Virtual Network 64 Bit; C:\Windows\system32\DRIVERS\ESLvnic.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [] S2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [] S3 Andbus;LGE Android Composite USB Device; 
C:\Windows\system32\DRIVERS\lgandbus64.sys [] S3 AndDiag;LGE Android USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag64.sys [] S3 AndGps;LGE Android USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps64.sys [] S3 ANDModem;LGE Android USB Modem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [] S3 apscy09j;apscy09j; C:\Windows\SysWOW64\drivers\apscy09j.sys [] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-11-15 20544] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RTL85n64;Sterownik urządzenia bezprzewodowego Realtek 8180/8185 Extensible 802.11; C:\Windows\system32\DRIVERS\RTL85n64.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; 
C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-17 403240] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF-----------------[/log] RSIT INFO [log]info.txt logfile of random's system information tool 1.08 2010-12-20 17:09:16 ======Uninstall list====== -->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001} ALLPlayer V4.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe" AMD USB Filter Driver-->MsiExec.exe /X{82809116-D1EE-443C-AE31-F19E709DDF7A} Any Video Converter 3.1.2-->"D:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe" Application Profiles-->MsiExec.exe /X{54862F37-FB81-FDD7-0E47-8E01858213FD} Archiwizator WinRAR-->D:\Program Files (x86)\WinRAR\uninstall.exe ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B} AVG PC Tuneup 2011-->"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\unins000.exe" Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9 Browser Configuration Utility-->"C:\Program Files (x86)\InstallShield 
Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly Catalyst Control Center - Branding-->MsiExec.exe /I{DDA34038-89BD-4804-B0B8-DC48D5DFB463} DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe EVEREST Home Edition v2.20-->"D:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe" Gadu-Gadu 10-->D:\Program Files (x86)\Gadu-Gadu 10\Uninstall.exe HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} HLTooLz (D:\Program Files (x86)\HLTooLz\)-->C:\WINDOWS\st6unst.exe -n "D:\Program Files (x86)\HLTooLz\ST6UNST.000" HLTooLz-->C:\WINDOWS\st6unst.exe -n "D:\Program Files (x86)\HLTooLz\ST6UNST.LOG" ipla 2.2-->C:\Program Files (x86)\ipla\uninst.exe Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF} LG Android Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}\setup.exe" -runfromtemp -l0x0415 LG -removeonly LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8} Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.13)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Real Alternative 2.0.2-->"C:\Program Files (x86)\Real Alternative\unins000.exe" Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 
C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8} The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3} TrackMania Nations Forever-->"D:\Gry\Steam\steam.exe" steam://uninstall/11020 Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} Winamp-->"D:\Program Files (x86)\Winamp\UninstWA.exe" ======System event log====== Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Cryptographic Services weszła w stan stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20090714051424.262212-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Modules Installer weszła w stan stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20090714051424.168612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Software Protection weszła w stan stopped. Record Number: 3 Source Name: Service Control Manager Time Written: 20090714051424.059412-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Event Log weszła w stan stopped. Record Number: 2 Source Name: Service Control Manager Time Written: 20090714051424.012612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Volume Shadow Copy weszła w stan stopped. 
Record Number: 1 Source Name: Service Control Manager Time Written: 20090714051423.934612-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 1001 Message: Pakiet błędów , typ 0 Nazwa zdarzenia: PnPRequestAdditionalSoftware Odpowiedź: Niedostępny Identyfikator pliku Cab: 0 Sygnatura problemu: P1: x64 P2: HID\VID_0A81&PID_0101&REV_0110&MI_01&Col01 P3: 6.1.0.0 P4: 0415 P5: input.inf P6: * P7: P8: P9: P10: Dołączone pliki: Te pliki mogą być dostępne tutaj: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_caecabaf24de1c1bb6a801599ef82775d2c6cf0_cab_05ad2367 Symbol analizy: Ponowne sprawdzanie rozwiązania: 0 Identyfikator raportu: b15c9fbb-efed-11df-8ce0-e399eda6ca7f Stan raportu: 6 Record Number: 5 Source Name: Windows Error Reporting Time Written: 20101114125001.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20101114124950.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20101114124947.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101114124943.209295-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. 
Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20101114124943.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4735 Message: Zmieniono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Zmienione atrybuty: Nazwa konta SAM: - Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101114124925.253664-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4731 Message: Utworzono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Nowa grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Atrybuty: Nazwa konta SAM: Operatorzy kopii zapasowych Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101114124925.238064-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x31ee6 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101114124924.894863-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101114124922.851259-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101114124922.804459-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\ATI Stream\bin\x86_64;C:\Program Files (x86)\ATI Stream\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=6b02 "ATISTREAMSDKROOT"=C:\Program Files (x86)\ATI Stream\ -----------------EOF-----------------[/log]
Help!
Tomek01 commented 21 December 2010

Uninstall DAEMON Tools Toolbar and Ask toolbar.

In OTL, paste the following into the Custom Scans/Fixes window:

[code]
:Processes
Explorer.exe

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
[2010-11-14 16:10:03 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\mozilla\Firefox\Profiles\uuyclrp4.default\extensions\DTToolbar@toolbarnet.com
[2010-11-15 20:33:42 | 000,002,567 | ---- | M] () -- C:\Users\teq\AppData\Roaming\Mozilla\FireFox\Profiles\uuyclrp4.default\searchplugins\askcom.xml
[2010-11-14 16:10:01 | 000,002,059 | ---- | M] () -- C:\Users\teq\AppData\Roaming\Mozilla\FireFox\Profiles\uuyclrp4.default\searchplugins\daemon-search.xml
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1797179490-3010039804-1124486631-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1797179490-3010039804-1124486631-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart.
Post the removal log and new OTL and RSIT logs.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
tequs1 commented 22 December 2010 (Author)

Unfortunately, I had already removed DAEMON Tools Toolbar the normal way (Programs - Uninstall).

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Folder C:\Users\teq\AppData\Roaming\mozilla\Firefox\Profiles\uuyclrp4.default\extensions\DTToolbar@toolbarnet.com\ not found.
C:\Users\teq\AppData\Roaming\Mozilla\FireFox\Profiles\uuyclrp4.default\searchplugins\askcom.xml moved successfully.
C:\Users\teq\AppData\Roaming\Mozilla\FireFox\Profiles\uuyclrp4.default\searchplugins\daemon-search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-1797179490-3010039804-1124486631-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-1797179490-3010039804-1124486631-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: teq
->Temp folder emptied: 4866651 bytes
->Temporary Internet Files folder emptied: 9157641 bytes
->Java cache emptied: 5706 bytes
->FireFox cache emptied: 119938447 bytes
->Google Chrome cache emptied: 6314591 bytes
->Flash cache emptied: 1653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 873 bytes

Total Files Cleaned = 134,00 mb

OTL by OldTimer - Version 3.2.17.4 log created on 12222010_103539

Files\Folders moved on Reboot...
C:\Users\teq\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...[/log] [log]OTL logfile created on: 2010-12-22 10:48:55 - Run 2 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\teq\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,60 Gb Total Space | 12,81 Gb Free Space | 21,85% Space Free | Partition Type: NTFS Drive D: | 119,36 Gb Total Space | 83,62 Gb Free Space | 70,06% Space Free | Partition Type: NTFS Drive E: | 120,13 Gb Total Space | 97,78 Gb Free Space | 81,39% Space Free | Partition Type: NTFS Computer Name: TEQ-PC | User Name: teq | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-12-20 21:55:26 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010-12-20 16:55:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teq\Downloads\OTL.exe PRC - [2010-12-10 18:44:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010-11-17 14:07:37 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Gry\Steam\steam.exe PRC - [2010-11-10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe PRC - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe PRC - [2010-10-22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-12-20 16:55:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teq\Downloads\OTL.exe MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-12-11 08:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-12-11 08:36:33 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 
000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 
02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:[b]64bit:[/b] - [2010-09-29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010-12-20 21:55:26 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010-11-17 15:08:49 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010-12-06 10:17:24 | 000,169,656 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:[b]64bit:[/b] - [2010-11-26 10:11:08 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:[b]64bit:[/b] - [2010-11-14 16:09:44 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-11-09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2010-09-29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2010-09-29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2010-09-29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2010-09-13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:[b]64bit:[/b] - [2010-09-07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2010-09-07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2010-09-07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2010-08-19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2010-08-19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:[b]64bit:[/b] - [2010-08-16 11:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2010-07-09 13:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:[b]64bit:[/b] - [2010-03-22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-01-25 06:09:36 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps) DRV:[b]64bit:[/b] - [2010-01-25 06:09:34 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag) DRV:[b]64bit:[/b] - [2010-01-25 06:09:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem) DRV:[b]64bit:[/b] - [2010-01-25 06:09:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- 
(b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2009-04-03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2008-06-18 04:20:32 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV - [2010-11-15 15:01:19 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://google.pl" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010-12-19 20:38:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-12-10 18:44:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-12-10 19:52:53 | 000,000,000 | ---D | M] [2010-11-14 14:09:31 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\mozilla\Extensions [2010-12-22 10:38:52 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\mozilla\Firefox\Profiles\uuyclrp4.default\extensions [2010-12-21 20:15:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-11-14 19:12:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-11-22 15:52:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-20 22:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-11-14 15:06:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] D:\Gry\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{70652b13-f001-11df-960b-001fd09eddd0}\Shell - "" = AutoRun O33 - MountPoints2\{70652b13-f001-11df-960b-001fd09eddd0}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{b514e286-f8a1-11df-9f1c-001fd09eddd0}\Shell - "" = AutoRun O33 - MountPoints2\{b514e286-f8a1-11df-9f1c-001fd09eddd0}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Pliki programów (x86)\AVG\AVG10\avgchsva.exe File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Pliki programów (x86)\AVG\AVG10\avgrsa.exe File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: 
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - File not found MsConfig:64bit - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () MsConfig:64bit - StartUpReg: [b]BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig:64bit - StartUpReg: [b]ESL Wire[/b] - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) MsConfig:64bit - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - D:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - 
Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-12-22 10:35:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010-12-22 10:27:09 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\ElevatedDiagnostics [2010-12-21 23:29:26 | 007,248,864 
| ---- | C] (Activision Blizzard, Inc.) -- C:\Users\teq\Desktop\CoDWaW.exe [2010-12-21 23:21:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010-12-21 22:01:30 | 000,000,000 | ---D | C] -- C:\totalcmd [2010-12-21 22:01:30 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\GHISLER [2010-12-21 21:14:33 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Activision [2010-12-20 21:58:20 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\PunkBuster [2010-12-20 17:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010-12-20 17:09:10 | 000,000,000 | ---D | C] -- C:\rsit [2010-12-20 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJack [2010-12-20 15:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010-12-19 23:00:08 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Malwarebytes [2010-12-19 23:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010-12-19 23:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-12-19 22:59:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010-12-19 22:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010-12-19 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AVG [2010-12-19 22:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-12-19 20:41:31 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AVG10 [2010-12-19 20:39:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2010-12-19 20:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2010-12-19 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2010-12-19 20:38:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2010-12-19 20:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010-12-19 20:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2010-12-19 
19:38:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2010-12-19 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Google [2010-12-14 19:58:17 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2010-12-14 19:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative [2010-12-14 19:55:04 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Media Player Classic [2010-12-14 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\BESTplayer [2010-12-10 19:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010-12-10 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Winamp [2010-12-10 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\teq\Desktop\Muza [2010-12-09 19:53:05 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\Any Video Converter [2010-12-09 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\AnvSoft [2010-12-09 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\OJOsoft Corporation [2010-12-08 19:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010-12-08 19:27:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\uTorrent [2010-12-08 18:50:23 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010-12-07 21:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ALLPlayer [2010-12-07 21:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLPlayer [2010-12-07 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\ESL Wire Game Client [2010-12-07 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\Nowy folder [2010-12-07 14:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-12-07 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-12-07 14:30:55 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2010-12-07 14:30:50 | 000,025,528 | ---- | C] (Turtle Entertainment 
GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2010-12-07 14:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2010-12-07 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire [2010-12-07 14:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010-12-07 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010-12-07 14:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010-12-07 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010-12-07 14:14:21 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Adobe [2010-12-07 14:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010-12-05 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Microsoft Games [2010-12-02 15:34:30 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Ahead [2010-12-02 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Ahead [2010-12-02 15:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010-12-02 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-12-01 14:27:48 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Rockstar Games [2010-11-22 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010-11-22 15:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010-11-22 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010-11-21 20:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2010-11-21 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\teq\Documents\TrackMania [2010-11-15 21:26:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-11-15 20:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2010-11-15 20:05:31 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- 
C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-11-15 16:05:41 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Diagnostics [2010-11-15 15:59:01 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2010-11-15 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-11-15 15:57:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-11-15 15:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2010-11-15 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Ventrilo [2010-11-15 14:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010-11-15 14:40:30 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010-11-15 14:40:30 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2010-11-15 14:40:30 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010-11-15 14:40:30 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010-11-15 14:40:27 | 006,430,208 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe [2010-11-15 14:40:27 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010-11-15 14:40:27 | 000,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2010-11-15 14:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010-11-15 14:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-11-15 14:40:08 | 000,146,528 | ---- | C] (DeviceVM Inc.) 
-- C:\Windows\SysWow64\dvmurl.dll [2010-11-15 14:40:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-11-15 14:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility [2010-11-15 13:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2010-11-14 19:13:45 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\skypePM [2010-11-14 19:11:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010-11-14 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Skype [2010-11-14 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010-11-14 19:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010-11-14 16:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar [2010-11-14 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\DAEMON Tools Lite [2010-11-14 16:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010-11-14 15:54:00 | 000,000,000 | ---D | C] -- C:\AMD [2010-11-14 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream [2010-11-14 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\ATI [2010-11-14 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\ATI [2010-11-14 15:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010-11-14 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010-11-14 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010-11-14 15:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010-11-14 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-11-14 15:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-11-14 15:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010-11-14 15:33:36 | 000,000,000 | ---D | C] -- 
C:\Users\teq\AppData\Roaming\Gadu-Gadu 10 [2010-11-14 15:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010-11-14 15:25:49 | 000,000,000 | ---D | C] -- C:\ATI [2010-11-14 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\ipla [2010-11-14 15:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla [2010-11-14 15:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ipla [2010-11-14 15:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2010-11-14 15:04:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-11-14 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Macromedia [2010-11-14 14:53:38 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Adobe [2010-11-14 14:52:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-11-14 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Mozilla [2010-11-14 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Mozilla [2010-11-14 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010-11-14 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-11-14 13:57:40 | 000,000,000 | R--D | C] -- C:\Users\teq\Searches [2010-11-14 13:57:32 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Identities [2010-11-14 13:57:30 | 000,000,000 | R--D | C] -- C:\Users\teq\Contacts [2010-11-14 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\VirtualStore [2010-11-14 13:57:23 | 000,000,000 | --SD | C] -- C:\Users\teq\AppData\Roaming\Microsoft [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Videos [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Saved Games [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Pictures [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Music [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Links [2010-11-14 13:57:23 | 
000,000,000 | R--D | C] -- C:\Users\teq\Favorites [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Downloads [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Documents [2010-11-14 13:57:23 | 000,000,000 | R--D | C] -- C:\Users\teq\Desktop [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Ustawienia lokalne [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Temporary Internet Files [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Szablony [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\SendTo [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Recent [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\PrintHood [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\NetHood [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moje wideo [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moje obrazy [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Moje dokumenty [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Documents\Moja muzyka [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Menu Start [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Historia [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Dane aplikacji [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\AppData\Local\Dane aplikacji [2010-11-14 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\teq\Cookies [2010-11-14 13:57:23 | 000,000,000 | -H-D | C] -- C:\Users\teq\AppData [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Temp [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Local\Microsoft [2010-11-14 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\teq\AppData\Roaming\Media Center Programs [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-11-14 13:56:32 | 000,000,000 | -HSD | 
C] -- C:\ProgramData\Szablony [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-11-14 13:56:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-11-14 13:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-11-14 13:49:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-11-14 13:49:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-11-14 13:48:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-11-14 13:48:07 | 000,000,000 | -HSD | C] -- C:\Boot [2010-11-14 13:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM [2010-11-09 22:20:56 | 000,382,032 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgtdia.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-12-22 10:50:08 | 001,835,008 | -HS- | M] () -- C:\Users\teq\NTUSER.DAT [2010-12-22 10:44:45 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-12-22 10:44:45 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-12-22 10:37:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-12-22 10:37:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-12-22 10:37:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010-12-22 10:36:05 | 002,350,210 | -H-- | M] () -- C:\Users\teq\AppData\Local\IconCache.db [2010-12-22 10:12:08 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010-12-22 10:05:44 | 102,298,878 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010-12-22 10:04:31 | 000,000,456 | ---- | M] () -- C:\Users\teq\Desktop\Call of Duty® World at War.lnk [2010-12-21 22:01:32 | 000,000,632 | ---- | M] () -- C:\Users\teq\Desktop\Total Commander.lnk [2010-12-21 21:27:27 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-12-21 21:07:14 | 000,682,280 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010-12-21 18:49:06 | 000,002,008 | ---- | M] () -- C:\Users\teq\Desktop\Gamma Control.lnk [2010-12-20 21:55:26 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010-12-20 16:07:41 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-12-19 22:07:29 | 000,001,181 | ---- | M] () -- C:\Users\teq\Desktop\AVG PC Tuneup 2011.lnk [2010-12-19 20:39:28 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010-12-19 20:39:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2010-12-19 20:39:20 | 000,000,000 | ---- | M] () -- 
C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2010-12-19 18:13:55 | 000,002,304 | ---- | M] () -- C:\Users\teq\Desktop\Google Chrome.lnk [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\NOCLOSE.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF [2010-12-17 07:56:10 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF [2010-12-10 20:46:11 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-12-10 20:46:11 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-12-10 20:46:11 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-12-10 20:46:11 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-12-10 20:46:11 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-12-10 19:53:18 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2010-12-10 15:34:10 | 000,000,716 | ---- | M] () -- C:\Users\teq\Desktop\HLTooLz.LNK [2010-12-09 19:52:20 | 000,000,789 | ---- | M] () -- C:\Users\teq\Desktop\Any Video Converter.lnk [2010-12-09 19:49:23 | 000,003,584 | ---- | M] () -- C:\Users\teq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-08 19:31:16 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-12-08 18:48:52 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2010-12-07 21:52:48 | 000,001,023 | ---- | M] () -- C:\Users\teq\Desktop\ALLPlayer V4.5.lnk [2010-12-07 14:49:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010-12-07 14:15:47 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader.lnk [2010-12-06 10:17:24 | 000,169,656 | ---- | M] (<Turtle 
Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2010-12-05 12:17:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-12-02 15:33:55 | 000,002,770 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010-11-29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010-11-29 14:14:55 | 000,000,693 | ---- | M] () -- C:\Users\teq\Desktop\Battlefield 1942.lnk [2010-11-26 10:11:08 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2010-11-25 18:29:11 | 000,000,535 | ---- | M] () -- C:\Windows\eReg.dat [2010-11-21 14:07:48 | 000,000,205 | ---- | M] () -- C:\Users\teq\Desktop\TrackMania Nations Forever.url [2010-11-15 21:34:22 | 000,000,017 | ---- | M] () -- C:\Users\teq\AppData\Local\resmon.resmoncfg [2010-11-15 21:26:06 | 307,027,071 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010-11-15 21:15:33 | 000,000,905 | ---- | M] () -- C:\Users\teq\Desktop\Shaiya.lnk [2010-11-15 20:07:46 | 000,000,769 | ---- | M] () -- C:\Users\teq\Desktop\EVEREST Home Edition.lnk [2010-11-15 20:05:31 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010-11-15 16:07:40 | 000,000,222 | ---- | M] () -- C:\Users\teq\Desktop\Counter-Strike.url [2010-11-15 15:29:40 | 000,000,414 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010-11-15 15:01:16 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2010-11-14 19:11:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-14 16:10:01 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-14 16:09:44 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-14 15:36:31 | 000,001,107 | ---- | M] () -- C:\Users\teq\Desktop\Ventrilo.lnk [2010-11-14 15:31:48 | 
000,001,071 | ---- | M] () -- C:\Users\teq\Desktop\WinRAR.lnk [2010-11-14 15:24:33 | 000,057,560 | ---- | M] () -- C:\Users\teq\AppData\Local\GDIPFONTCACHEV1.DAT [2010-11-14 15:24:32 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ipla.lnk [2010-11-14 15:05:58 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2010-11-14 15:02:41 | 000,000,203 | ---- | M] () -- C:\Users\teq\Desktop\Counter-Strike Source.url [2010-11-14 14:09:23 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-14 14:04:01 | 000,000,901 | ---- | M] () -- C:\Users\teq\Desktop\Steam.lnk [2010-11-14 13:57:47 | 000,524,288 | -HS- | M] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-11-14 13:57:47 | 000,524,288 | -HS- | M] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-11-14 13:57:47 | 000,065,536 | -HS- | M] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-11-14 13:57:23 | 000,000,020 | -HS- | M] () -- C:\Users\teq\ntuser.ini [2010-11-14 13:57:11 | 000,171,136 | RHS- | M] () -- C:\W7LDR [2010-11-14 13:53:35 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-11-14 13:53:35 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-11-14 13:51:37 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-11-14 13:48:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgtdia.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-22 10:05:44 | 102,298,878 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010-12-22 10:04:31 | 000,000,456 | ---- | C] () -- C:\Users\teq\Desktop\Call of Duty® World at War.lnk [2010-12-21 22:01:32 | 000,000,632 | ---- | C] () -- C:\Users\teq\Desktop\Total Commander.lnk [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2010-12-21 22:01:30 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2010-12-21 21:27:27 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-12-21 18:49:06 | 000,002,008 | ---- | C] () -- C:\Users\teq\Desktop\Gamma Control.lnk [2010-12-20 21:55:29 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010-12-20 21:55:26 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010-12-20 21:55:26 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010-12-19 22:36:15 | 002,350,210 | -H-- | C] () -- C:\Users\teq\AppData\Local\IconCache.db [2010-12-19 22:07:29 | 000,001,181 | ---- | C] () -- C:\Users\teq\Desktop\AVG PC Tuneup 2011.lnk [2010-12-19 20:39:28 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010-12-19 20:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2010-12-19 20:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2010-12-19 18:13:55 | 000,002,304 | ---- | C] () -- C:\Users\teq\Desktop\Google Chrome.lnk [2010-12-10 19:53:18 | 000,000,692 | ---- | C] () -- 
C:\Users\Public\Desktop\Winamp.lnk [2010-12-10 15:34:10 | 000,000,716 | ---- | C] () -- C:\Users\teq\Desktop\HLTooLz.LNK [2010-12-09 19:52:20 | 000,000,789 | ---- | C] () -- C:\Users\teq\Desktop\Any Video Converter.lnk [2010-12-09 19:49:23 | 000,003,584 | ---- | C] () -- C:\Users\teq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-09 19:48:57 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010-12-08 19:31:16 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-12-07 21:52:48 | 000,001,023 | ---- | C] () -- C:\Users\teq\Desktop\ALLPlayer V4.5.lnk [2010-12-07 21:52:45 | 000,797,184 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax [2010-12-07 21:52:45 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-12-07 21:52:45 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2010-12-07 14:49:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010-12-07 14:30:54 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2010-12-07 14:15:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader.lnk [2010-12-05 12:17:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-12-02 15:33:55 | 000,002,770 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010-11-29 14:14:55 | 000,000,693 | ---- | C] () -- C:\Users\teq\Desktop\Battlefield 1942.lnk [2010-11-25 18:29:11 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat [2010-11-21 14:07:48 | 000,000,205 | ---- | C] () -- C:\Users\teq\Desktop\TrackMania Nations Forever.url [2010-11-15 21:34:22 | 000,000,017 | ---- | C] () -- C:\Users\teq\AppData\Local\resmon.resmoncfg [2010-11-15 21:26:06 | 307,027,071 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010-11-15 21:15:33 | 000,000,905 | ---- | C] () -- C:\Users\teq\Desktop\Shaiya.lnk [2010-11-15 20:07:46 | 000,000,769 | ---- | C] () -- C:\Users\teq\Desktop\EVEREST Home Edition.lnk [2010-11-15 
20:05:31 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010-11-15 15:59:01 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2010-11-15 15:29:40 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010-11-15 14:40:57 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss [2010-11-15 14:40:29 | 000,666,112 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll [2010-11-15 14:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010-11-14 19:11:26 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-14 16:10:01 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-14 16:09:44 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-14 15:36:31 | 000,001,107 | ---- | C] () -- C:\Users\teq\Desktop\Ventrilo.lnk [2010-11-14 15:31:48 | 000,001,071 | ---- | C] () -- C:\Users\teq\Desktop\WinRAR.lnk [2010-11-14 15:24:33 | 000,057,560 | ---- | C] () -- C:\Users\teq\AppData\Local\GDIPFONTCACHEV1.DAT [2010-11-14 15:24:32 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ipla.lnk [2010-11-14 15:05:58 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2010-11-14 15:02:41 | 000,000,203 | ---- | C] () -- C:\Users\teq\Desktop\Counter-Strike Source.url [2010-11-14 15:02:34 | 000,000,222 | ---- | C] () -- C:\Users\teq\Desktop\Counter-Strike.url [2010-11-14 14:09:23 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-14 14:04:01 | 000,000,901 | ---- | C] () -- C:\Users\teq\Desktop\Steam.lnk [2010-11-14 13:57:23 | 000,524,288 | -HS- | C] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-11-14 13:57:23 | 000,524,288 | -HS- | C] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-11-14 13:57:23 | 000,262,144 | -HS- | C] () -- C:\Users\teq\ntuser.dat.LOG1 
[2010-11-14 13:57:23 | 000,065,536 | -HS- | C] () -- C:\Users\teq\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-11-14 13:57:23 | 000,000,020 | -HS- | C] () -- C:\Users\teq\ntuser.ini [2010-11-14 13:57:23 | 000,000,000 | -HS- | C] () -- C:\Users\teq\ntuser.dat.LOG2 [2010-11-14 13:57:22 | 001,835,008 | -HS- | C] () -- C:\Users\teq\NTUSER.DAT [2010-11-14 13:57:11 | 000,171,136 | RHS- | C] () -- C:\W7LDR [2010-11-14 13:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-11-14 13:49:08 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys [2010-11-14 13:48:08 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-11-14 13:48:07 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2009-07-14 05:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2009-07-14 05:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2009-07-14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 03:34:57 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-12-09 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AnvSoft [2010-12-19 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AVG [2010-12-19 20:41:31 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\AVG10 [2010-12-14 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\BESTplayer [2010-11-25 18:01:09 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\DAEMON Tools Lite [2010-12-19 17:10:25 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\Gadu-Gadu 10 [2010-12-21 22:01:30 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\GHISLER [2010-11-14 15:24:56 | 000,000,000 | ---D | M] 
-- C:\Users\teq\AppData\Roaming\ipla [2010-12-21 20:35:35 | 000,000,000 | ---D | M] -- C:\Users\teq\AppData\Roaming\uTorrent [2010-12-22 10:28:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-11-14 13:48:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-15 15:01:38 | 000,000,010 | ---- | M] () -- C:\csb.log [2010-12-22 10:37:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010-12-22 10:37:05 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys [2010-11-15 14:40:57 | 000,000,703 | ---- | M] () -- C:\RHDSetup.log [2010-11-14 13:57:11 | 000,171,136 | RHS- | M] () -- C:\W7LDR [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- 
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report >[/log] [log]OTL Extras logfile created on: 2010-12-22 10:48:55 - Run 2 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\teq\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% 
Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,60 Gb Total Space | 12,81 Gb Free Space | 21,85% Space Free | Partition Type: NTFS Drive D: | 119,36 Gb Total Space | 83,62 Gb Free Space | 70,06% Space Free | Partition Type: NTFS Drive E: | 120,13 Gb Total Space | 97,78 Gb Free Space | 81,39% Space Free | Partition Type: NTFS Computer Name: TEQ-PC | User Name: teq | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011 "{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64 "{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer 
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding "{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011 "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "AVG" = AVG 2011 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "ESL Wire_is1" = ESL Wire 1.9.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common "{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English "{54862F37-FB81-FDD7-0E47-8E01858213FD}" = Application Profiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy "{66EBD70F-A42C-475F-AEDF-277378151045}" = Nero 7 Essentials "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X 
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "Any Video Converter_is1" = Any Video Converter 3.1.2 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Gadu-Gadu 10" = Gadu-Gadu 10 "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "ipla" = ipla 2.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "ST6UNST #1" = HLTooLz "ST6UNST #2" = HLTooLz (D:\Program Files (x86)\HLTooLz\) "Steam App 11020" = TrackMania Nations Forever "Totalcmd" = Total Commander (Remove or Repair) "uTorrent" = µTorrent "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-12-19 15:40:36 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". 
Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 17:39:01 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 17:39:01 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-19 18:01:09 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-20 02:09:51 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. 
Error - 2010-12-20 09:35:59 | Computer Name = teq-PC | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "D:\Gry\GTAIV\GTA\Grand Theft Auto IV\GTAIV.exe". Nie można odnaleźć zestawu zależnego Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2010-12-20 15:58:42 | Computer Name = teq-PC | Source = MsiInstaller | ID = 1013 Description = Error - 2010-12-20 16:32:43 | Computer Name = teq-PC | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Nazwa modułu powodującego błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001b1807 Identyfikator procesu powodującego błąd: 0x534 Godzina uruchomienia aplikacji powodującej błąd: 0x01cba084bdfadca0 Ścieżka aplikacji powodującej błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Ścieżka modułu powodującego błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Identyfikator raportu: 4b6cdc4e-0c78-11e0-a20c-00ff01000001 Error - 2010-12-20 16:34:24 | Computer Name = teq-PC | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Nazwa modułu powodującego błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001b1807 Identyfikator procesu powodującego błąd: 0x8e4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cba085346f51d6 Ścieżka aplikacji powodującej błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Ścieżka modułu powodującego błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Identyfikator raportu: 879c8a89-0c78-11e0-a20c-00ff01000001 Error - 2010-12-21 14:04:32 | Computer Name = teq-PC | Source = Application Error | ID = 1000 Description = 
Nazwa aplikacji powodującej błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Nazwa modułu powodującego błąd: CoDWaW.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x48f00000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001b1807 Identyfikator procesu powodującego błąd: 0x13c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cba139734655e0 Ścieżka aplikacji powodującej błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Ścieżka modułu powodującego błąd: D:\Gry\Call of Duty - World at War\CoDWaW.exe Identyfikator raportu: c29b3394-0d2c-11e0-8384-00ff01000001 [ Media Center Events ] Error - 2010-11-28 14:04:59 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 19:04:59 - Błąd podczas nawiązywania połączenia z Internetem. 19:04:59 - Nie można skontaktować się z serwerem.. Error - 2010-11-28 14:06:12 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 19:06:12 - Błąd podczas nawiązywania połączenia z Internetem. 19:06:12 - Nie można skontaktować się z serwerem.. Error - 2010-12-01 09:01:29 | Computer Name = teq-PC | Source = MCUpdate | ID = 0 Description = 14:01:29 - Błąd podczas nawiązywania połączenia z Internetem. 14:01:29 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2010-12-22 05:26:39 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7031 Description = Usługa Zasilanie niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. Error - 2010-12-22 05:26:39 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom ponownie komputer) po nieoczekiwanym zakończeniu usługi Plug and Play, ale ta akcja nie powiodła się przy następującym błędzie: %%1190. 
Error - 2010-12-22 05:26:39 | Computer Name = teq-PC | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom ponownie komputer) po nieoczekiwanym zakończeniu usługi Program uruchamiający proces serwera DCOM, ale ta akcja nie powiodła się przy następującym błędzie: %%1190. Error - 2010-12-22 05:28:09 | Computer Name = teq-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 10:26:39 na ?2010-?12-?22 było nieoczekiwane. Error - 2010-12-22 05:29:04 | Computer Name = teq-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 2010-12-22 05:29:04 | Computer Name = teq-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 2010-12-22 05:34:19 | Computer Name = teq-PC | Source = bowser | ID = 8003 Description = Error - 2010-12-22 05:38:11 | Computer Name = teq-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 2010-12-22 05:38:11 | Computer Name = teq-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 2010-12-22 05:48:54 | Computer Name = teq-PC | Source = bowser | ID = 8003 Description = < End of report >[/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by teq at 2010-12-22 10:56:49 Microsoft Windows 7 Ultimate System drive C: has 13 GB (22%) free of 60 GB Total RAM: 4094 MB (65% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:56:52, on 2010-12-22 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: D:\Gry\Steam\steam.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\teq\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\teq.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files 
(x86)\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [Steam] "D:\Gry\Steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: 
-----------------EOF-----------------[/log]

Malware scan, I removed the infected items:

[log]Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Wersja bazy: 5358

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-12-22 11:35:04
mbam-log-2010-12-22 (11-35-04).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 284070
Upłynęło: 34 minut(y), 52 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 4
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 6

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
e:\downloads\Rózne\battlefield_1942_no-cd_patch\bf1942_nocd.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
e:\downloads\Rózne\guitar pro 5\guitar_pro_v5.1__cracked_\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\downloads\Rózne\longjuyt2_up_by_mrcybuch\spolszczenie longjuyt2\metin_longjuyt2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\downloads\Rózne\metin_longjuyt2_new!_up_by_mrcybuch\metin_longjuyt2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\downloads\Rózne\NX06_1\nowy folder\ventrilo-2.1.4-windows-i386.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
e:\RECYCLER\s-1-5-21-1229272821-839522115-725345543-1003\De5\a2uploader.exe (Spyware.PWS) -> Quarantined and deleted successfully.[/log]

I'll add the DrWeb log in a moment.

I don't want to do a format :( but there's probably nothing else left... Windows keeps updating all the time but it doesn't help, the problem is still there and isn't going away.
Tomek01, comment, 22 December 2010

Show me a screenshot from the program: [url="http://www.programosy.pl/program,process-monitor.html"][color="#0000FF"][b]Process Monitor[/b][/color][/url]

[code]
:Processes
Explorer.exe

:OTL
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

:Files
C:\Program Files (x86)\DAEMON Tools Toolbar

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Run Fix... Set of logs.