jstat, posted February 1, 2011 (edited)
[LOG]Logfile of random's system information tool 1.08 (written by random/random) Run by PARADOX at 2011-02-01 18:37:36 Microsoft Windows 7 Ultimate System drive C: has 4 GB (27%) free of 15 GB Total RAM: 2046 MB (44% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:37:56, on 2011-02-01 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WapSter\WapSter AQQ\AQQ.exe G:\Program Files\uTorrent\uTorrent.exe C:\Windows\Explorer.exe C:\Program Files\Opera\opera.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe G:\Program Files\AVG\AVG10\avgtray.exe G:\Program Files\AVG\AVG10\avgui.exe G:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe G:\Program Files\AVG\AVG10\avgscanx.exe C:\Windows\system32\conhost.exe G:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\PARADOX\Desktop\RSIT.exe C:\Program Files\trend micro\PARADOX.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program 
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file) O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG10\avgwdsvc.exe -- End of file - 3872 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - G:\Program Files\AVG\AVG10\avgssie.dll [2011-01-07 2731872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-25 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288] "AVG_TRAY"=G:\Program Files\AVG\AVG10\avgtray.exe [2011-01-07 2747744] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504] "AQQ"=C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe [2011-01-21 8990720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-02-01 18:37:36 ----D---- C:\rsit 2011-02-01 18:33:36 ----D---- C:\Users\PARADOX\AppData\Roaming\AVG10 2011-02-01 18:33:15 ----HD---- C:\ProgramData\Common Files 2011-02-01 18:32:26 ----D---- C:\Windows\system32\drivers\AVG 2011-02-01 18:32:26 ----D---- C:\ProgramData\AVG10 2011-02-01 18:31:00 ----D---- C:\ProgramData\MFAData 2011-02-01 18:12:04 ----D---- C:\Program Files\Trend Micro 2011-02-01 18:04:17 ----D---- C:\Windows\temp 2011-02-01 18:04:15 ----A---- C:\ComboFix.txt 2011-02-01 18:03:45 ----SHD---- C:\$RECYCLE.BIN 2011-02-01 17:59:30 ----A---- C:\Windows\zip.exe 2011-02-01 17:59:30 ----A---- C:\Windows\SWSC.exe 2011-02-01 17:59:30 ----A---- C:\Windows\SWREG.exe 2011-02-01 17:59:30 ----A---- C:\Windows\sed.exe 2011-02-01 17:59:30 ----A---- C:\Windows\PEV.exe 2011-02-01 17:59:30 ----A---- C:\Windows\NIRCMD.exe 2011-02-01 
17:59:30 ----A---- C:\Windows\MBR.exe 2011-02-01 17:59:30 ----A---- C:\Windows\grep.exe 2011-02-01 17:59:06 ----A---- C:\Windows\SWXCACLS.exe 2011-02-01 17:59:04 ----D---- C:\32788R22FWJFW 2011-02-01 17:58:27 ----D---- C:\Windows\ERDNT 2011-02-01 17:57:38 ----D---- C:\Qoobox 2011-02-01 16:28:00 ----D---- C:\Users\PARADOX\AppData\Roaming\uTorrent 2011-02-01 16:25:33 ----D---- C:\Users\PARADOX\AppData\Roaming\ImgBurn 2011-01-30 19:57:28 ----D---- C:\Program Files\TP 2011-01-30 19:57:19 ----A---- C:\Windows\uninst.exe 2011-01-30 19:57:15 ----RASH---- C:\MSDOS.SYS 2011-01-30 19:57:15 ----RASH---- C:\IO.SYS 2011-01-29 00:00:53 ----D---- C:\ProgramData\Adobe 2011-01-28 23:29:43 ----D---- C:\Program Files\Common Files\Adobe 2011-01-28 22:09:20 ----D---- C:\Users\PARADOX\AppData\Roaming\FileZilla 2011-01-28 20:59:42 ----D---- C:\Users\PARADOX\AppData\Roaming\skypePM 2011-01-28 20:57:33 ----D---- C:\Program Files\Common Files\Skype 2011-01-28 20:57:32 ----RD---- C:\Program Files\Skype 2011-01-28 20:57:32 ----D---- C:\Users\PARADOX\AppData\Roaming\Skype 2011-01-28 20:57:31 ----D---- C:\ProgramData\Skype 2011-01-28 01:45:10 ----A---- C:\Windows\system32\XAudio2_2.dll 2011-01-28 01:45:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2011-01-28 01:45:10 ----A---- C:\Windows\system32\d3dx10_39.dll 2011-01-28 01:45:10 ----A---- C:\Windows\system32\D3DCompiler_39.dll 2011-01-28 01:45:09 ----A---- C:\Windows\system32\D3DX9_39.dll 2011-01-28 01:41:52 ----HD---- C:\Program Files\InstallShield Installation Information 2011-01-28 00:26:09 ----D---- C:\Users\PARADOX\AppData\Roaming\Mozilla 2011-01-27 23:35:48 ----D---- C:\Windows\Sun 2011-01-27 23:21:05 ----D---- C:\ProgramData\PMB Files 2011-01-27 23:20:39 ----D---- C:\Program Files\Pando Networks 2011-01-27 21:01:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Leadertech 2011-01-26 21:26:44 ----D---- C:\ProgramData\Sports Interactive 2011-01-26 21:26:19 ----D---- C:\Users\PARADOX\AppData\Roaming\Sports Interactive 2011-01-26 19:48:04 
----D---- C:\Users\PARADOX\AppData\Roaming\TS3Client 2011-01-26 16:12:25 ----A---- C:\Windows\system32\yv12vfw.dll 2011-01-26 16:12:25 ----A---- C:\Windows\system32\xvidvfw.dll 2011-01-26 16:12:25 ----A---- C:\Windows\system32\xvidcore.dll 2011-01-26 16:12:25 ----A---- C:\Windows\system32\unrar.dll 2011-01-26 16:12:25 ----A---- C:\Windows\avisplitter.ini 2011-01-26 16:12:24 ----A---- C:\Windows\system32\ff_vfw.dll.manifest 2011-01-26 16:12:24 ----A---- C:\Windows\system32\ff_vfw.dll 2011-01-26 01:02:25 ----D---- C:\Program Files\CCleaner 2011-01-26 00:57:46 ----D---- C:\Users\PARADOX\AppData\Roaming\RDRM 2011-01-26 00:57:46 ----D---- C:\Users\PARADOX\AppData\Roaming\ipla 2011-01-26 00:57:46 ----D---- C:\ProgramData\ipla 2011-01-26 00:57:30 ----A---- C:\Windows\system32\msvcr71.dll 2011-01-26 00:57:30 ----A---- C:\Windows\system32\mfc71.dll 2011-01-26 00:57:30 ----A---- C:\Windows\system32\gdiplus.dll 2011-01-25 21:49:26 ----D---- C:\Windows\Panther 2011-01-25 21:49:14 ----RASH---- C:\BOOTSECT.BAK 2011-01-25 21:49:12 ----D---- C:\Boot 2011-01-25 21:45:46 ----D---- C:\Users\PARADOX\AppData\Roaming\.minecraft server 2011-01-25 21:35:53 ----D---- C:\Users\PARADOX\AppData\Roaming\.minecraft 2011-01-25 21:35:53 ----D---- C:\ProgramData\Sun 2011-01-25 21:35:53 ----D---- C:\Program Files\Common Files\Java 2011-01-25 21:35:45 ----A---- C:\Windows\system32\javaws.exe 2011-01-25 21:35:45 ----A---- C:\Windows\system32\javaw.exe 2011-01-25 21:35:45 ----A---- C:\Windows\system32\java.exe 2011-01-25 21:35:45 ----A---- C:\Windows\system32\deployJava1.dll 2011-01-25 21:35:41 ----D---- C:\Program Files\Java 2011-01-25 21:29:57 ----D---- C:\Users\PARADOX\AppData\Roaming\WinRAR 2011-01-25 21:14:35 ----D---- C:\Users\PARADOX\AppData\Roaming\AnvSoft 2011-01-25 21:04:50 ----D---- C:\Program Files\vShare 2011-01-25 20:47:59 ----D---- C:\Program Files\WapSter 2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAudio2_4.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAudio2_3.dll 
2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\XAPOFX1_2.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\xactengine3_4.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\xactengine3_3.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\X3DAudio1_6.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\X3DAudio1_5.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DX9_41.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DX9_40.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\d3dx10_41.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\d3dx10_40.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll 2011-01-25 19:40:49 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAudio2_1.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAudio2_0.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_2.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_1.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine3_0.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\xactengine2_10.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DX9_38.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DX9_37.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx9_36.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_38.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_37.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\d3dx10_36.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll 2011-01-25 19:40:48 ----A---- C:\Windows\system32\D3DCompiler_36.dll 2011-01-25 19:40:47 
----A---- C:\Windows\system32\xinput1_3.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_9.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_8.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_7.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_6.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\xactengine2_5.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\X3DAudio1_2.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_35.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_34.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx9_33.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_35.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_34.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10_33.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\d3dx10.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_35.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_34.dll 2011-01-25 19:40:47 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xinput1_2.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xinput1_1.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_4.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_3.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_2.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\xactengine2_1.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\x3daudio1_1.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\d3dx9_32.dll 2011-01-25 19:40:46 ----A---- C:\Windows\system32\d3dx9_31.dll 2011-01-25 19:40:45 ----A---- C:\Windows\system32\xactengine2_0.dll 2011-01-25 19:40:45 ----A---- C:\Windows\system32\x3daudio1_0.dll 2011-01-25 19:40:45 ----A---- C:\Windows\system32\d3dx9_30.dll 2011-01-25 19:40:45 ----A---- C:\Windows\system32\d3dx9_29.dll 2011-01-25 19:40:45 ----A---- 
C:\Windows\system32\d3dx9_28.dll 2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_27.dll 2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_26.dll 2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_25.dll 2011-01-25 19:40:44 ----A---- C:\Windows\system32\d3dx9_24.dll 2011-01-25 19:30:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Macromedia 2011-01-25 19:30:34 ----D---- C:\Users\PARADOX\AppData\Roaming\Adobe 2011-01-25 19:30:23 ----D---- C:\Windows\system32\Macromed 2011-01-25 19:28:22 ----N---- C:\Windows\system32\MpSigStub.exe 2011-01-25 19:26:46 ----D---- C:\Users\PARADOX\AppData\Roaming\Opera 2011-01-25 19:26:45 ----D---- C:\Program Files\Opera 2011-01-25 19:24:40 ----D---- C:\Users\PARADOX\AppData\Roaming\ATI 2011-01-25 19:24:40 ----D---- C:\ProgramData\ATI 2011-01-25 19:24:02 ----D---- C:\Program Files\Common Files\ATI Technologies 2011-01-25 19:23:23 ----SHD---- C:\Windows\Installer 2011-01-25 19:23:15 ----D---- C:\Program Files\ATI Technologies 2011-01-25 19:23:13 ----D---- C:\Program Files\ATI 2011-01-25 19:22:06 ----D---- C:\Windows\AMD 2011-01-25 14:21:33 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-01-25 14:15:59 ----D---- C:\Users\PARADOX\AppData\Roaming\Identities 2011-01-25 14:15:51 ----SD---- C:\Users\PARADOX\AppData\Roaming\Microsoft 2011-01-25 14:15:51 ----D---- C:\Users\PARADOX\AppData\Roaming\Media Center Programs 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Ulubione 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Szablony 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Pulpit 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Menu Start 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Dokumenty 2011-01-25 14:15:41 ----SHD---- C:\ProgramData\Dane aplikacji 2011-01-25 14:15:41 ----D---- C:\Recovery 2011-01-25 12:53:56 ----D---- C:\Windows\SoftwareDistribution 2011-01-25 12:50:26 ----D---- C:\Windows\Prefetch 2011-01-25 12:50:12 ----ASH---- C:\pagefile.sys 2011-01-25 12:50:10 ----SHD---- C:\System Volume Information 2011-01-25 
12:50:10 ----ASH---- C:\hiberfil.sys ======List of files/folders modified in the last 1 months====== 2011-02-01 18:33:59 ----D---- C:\Windows\System32 2011-02-01 18:33:15 ----D---- C:\ProgramData 2011-02-01 18:33:00 ----D---- C:\Windows\system32\drivers 2011-02-01 18:31:58 ----D---- C:\Windows\winsxs 2011-02-01 18:31:48 ----D---- C:\Windows\system32\config 2011-02-01 18:31:45 ----D---- C:\Program Files\Common Files\microsoft shared 2011-02-01 18:12:04 ----RD---- C:\Program Files 2011-02-01 18:04:17 ----D---- C:\Windows 2011-02-01 18:03:15 ----A---- C:\Windows\system.ini 2011-02-01 18:01:44 ----D---- C:\Windows\AppPatch 2011-02-01 18:01:43 ----D---- C:\Program Files\Common Files 2011-02-01 13:56:08 ----D---- C:\Windows\inf 2011-01-29 00:15:11 ----RSD---- C:\Windows\Fonts 2011-01-28 20:58:02 ----D---- C:\Windows\system32\Tasks 2011-01-28 20:45:30 ----SD---- C:\ProgramData\Microsoft 2011-01-28 20:45:28 ----D---- C:\Windows\system32\drivers\UMDF 2011-01-27 20:55:47 ----RSD---- C:\Windows\assembly 2011-01-27 16:11:35 ----D---- C:\Windows\system32\NDF 2011-01-26 14:01:35 ----D---- C:\Windows\system32\catroot2 2011-01-26 14:01:35 ----D---- C:\Windows\system32\catroot 2011-01-26 13:49:50 ----D---- C:\Windows\Logs 2011-01-25 21:12:29 ----HD---- C:\Windows\system32\GroupPolicy 2011-01-25 21:05:30 ----D---- C:\Windows\Downloaded Program Files 2011-01-25 19:40:45 ----D---- C:\Windows\Microsoft.NET 2011-01-25 19:39:35 ----D---- C:\Windows\system32\DriverStore 2011-01-25 19:23:33 ----D---- C:\Windows\system32\restore 2011-01-25 15:33:16 ----D---- C:\Windows\system32\wdi 2011-01-25 14:21:18 ----D---- C:\Windows\system32\wbem 2011-01-25 14:20:57 ----D---- C:\Windows\system32\LogFiles 2011-01-25 14:15:50 ----RD---- C:\Users 2011-01-25 14:15:41 ----D---- C:\Program Files\Windows NT 2011-01-25 14:15:13 ----D---- C:\Windows\debug 2011-01-25 13:05:12 ----D---- C:\Windows\system32\CodeIntegrity 2011-01-25 12:53:51 ----D---- C:\Windows\system32\sysprep 2011-01-25 12:50:50 ----D---- 
C:\Windows\CSC ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384] R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024] R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472] R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288] R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 21072] R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 atikmdag;atikmdag; 
C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 catchme;catchme; \??\C:\Users\PARADOX\AppData\Local\Temp\catchme.sys [] S3 mbr;mbr; \??\C:\ComboFix\mbr.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 176128] R2 AVGIDSAgent;AVGIDSAgent; G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720] R2 avgwd;AVG WatchDog; G:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF-----------------[/log] [log]OTL logfile created on: 2011-02-01 20:09:07 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = 
C:\Users\PARADOX\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 15,00 Gb Total Space | 4,26 Gb Free Space | 28,42% Space Free | Partition Type: NTFS Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe PRC - [2011-02-01 16:28:50 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- G:\Program Files\uTorrent\uTorrent.exe PRC - [2011-01-29 12:45:59 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2011-01-21 13:27:40 | 008,990,720 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgtray.exe PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- G:\Program Files\AVG\AVG10\avgnsx.exe PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgemcx.exe PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgrsx.exe PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgchsvx.exe PRC - [2010-11-26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgwdsvc.exe PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- G:\Program Files\AVG\AVG10\avgcsrvx.exe PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - 
[2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 
| ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 02:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 02:14:53 | 
000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- G:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows 
Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010-11-26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-11-17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010-09-13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2010-08-03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2010-08-03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010-08-03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2009-12-17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009-08-09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) 
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] 
(VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 
00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVG10\Firefox\ [2011-02-01 18:32:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Frajer Koks\components [2011-01-28 00:26:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Frajer Koks\plugins [2011-01-30 14:23:02 | 000,000,000 | ---D | M] [2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Extensions 
[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Firefox\Profiles\x7psqbyd.default\extensions [2011-01-28 20:57:58 | 000,000,000 | ---D | M] (Skype extension) -- G:\FRAJER KOKS\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2011-02-01 18:32:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVG10\FIREFOX O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.72.64.11 94.72.64.10 217.17.34.10 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - G:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - G:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - 
Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found 
SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - 
Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-01 20:06:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe [2011-02-01 18:43:03 | 000,000,000 | -H-D | C] -- C:\$AVG [2011-02-01 18:37:36 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-01 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AVG10 [2011-02-01 18:33:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011-02-01 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 [2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011-02-01 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011-02-01 18:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-02-01 18:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-02-01 17:59:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-02-01 17:59:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-02-01 17:59:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-02-01 17:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011-02-01 17:59:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011-02-01 17:58:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-02-01 17:57:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-02-01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\uTorrent 
[2011-02-01 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn [2011-02-01 16:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2011-01-31 22:07:50 | 000,608,768 | ---- | C] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe [2011-01-30 19:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pascal 7 [2011-01-30 19:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\TP [2011-01-30 19:57:19 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe [2011-01-30 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2011-01-29 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Updater [2011-01-29 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Adobe [2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011-01-28 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Any Video Converter [2011-01-28 22:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2011-01-28 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\FileZilla [2011-01-28 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\skypePM [2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011-01-28 20:57:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011-01-28 20:57:32 | 000,000,000 | ---D | C] -- 
C:\Users\PARADOX\AppData\Roaming\Skype [2011-01-28 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011-01-28 01:45:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2011-01-28 01:45:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2011-01-28 01:45:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2011-01-28 01:45:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2011-01-28 01:45:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2011-01-28 01:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2011-01-28 01:41:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Mozilla [2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Mozilla [2011-01-27 23:35:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011-01-27 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\PMB Files [2011-01-27 23:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011-01-27 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2011-01-27 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\FIFA 11 [2011-01-27 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Leadertech [2011-01-27 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Deluxe Ski Jump 4 [2011-01-27 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-01-26 21:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive [2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive [2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- 
C:\Users\PARADOX\AppData\Local\Sports Interactive [2011-01-26 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\TS3Client [2011-01-26 18:50:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ElevatedDiagnostics [2011-01-26 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla [2011-01-26 16:12:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011-01-26 16:12:25 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011-01-26 16:12:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011-01-26 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\RDRM [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ipla [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla [2011-01-26 00:57:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2011-01-26 00:57:30 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2011-01-25 21:49:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011-01-25 21:49:12 | 000,000,000 | ---D | C] -- C:\Boot [2011-01-25 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft [2011-01-25 21:35:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011-01-25 21:35:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011-01-25 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011-01-25 21:29:57 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\WinRAR [2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-01-25 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft [2011-01-25 21:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\vShare [2011-01-25 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\WapSter [2011-01-25 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter [2011-01-25 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter [2011-01-25 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Diagnostics [2011-01-25 19:40:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011-01-25 19:40:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2011-01-25 19:40:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2011-01-25 19:40:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2011-01-25 19:40:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2011-01-25 19:40:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2011-01-25 19:40:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2011-01-25 19:40:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2011-01-25 19:40:49 | 000,235,856 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2011-01-25 19:40:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2011-01-25 19:40:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2011-01-25 19:40:49 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2011-01-25 19:40:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2011-01-25 19:40:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2011-01-25 19:40:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2011-01-25 19:40:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2011-01-25 19:40:48 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2011-01-25 19:40:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2011-01-25 19:40:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2011-01-25 19:40:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2011-01-25 19:40:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2011-01-25 19:40:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2011-01-25 19:40:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2011-01-25 19:40:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2011-01-25 19:40:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2011-01-25 19:40:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine3_2.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2011-01-25 19:40:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2011-01-25 19:40:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011-01-25 19:40:47 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011-01-25 19:40:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2011-01-25 19:40:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2011-01-25 19:40:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2011-01-25 19:40:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2011-01-25 19:40:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2011-01-25 19:40:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2011-01-25 19:40:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2011-01-25 19:40:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2011-01-25 19:40:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine2_7.dll [2011-01-25 19:40:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2011-01-25 19:40:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2011-01-25 19:40:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2011-01-25 19:40:47 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2011-01-25 19:40:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2011-01-25 19:40:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2011-01-25 19:40:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2011-01-25 19:40:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2011-01-25 19:40:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2011-01-25 19:40:46 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2011-01-25 19:40:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2011-01-25 19:40:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2011-01-25 19:40:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2011-01-25 19:40:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2011-01-25 19:40:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2011-01-25 19:40:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2011-01-25 19:40:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2011-01-25 19:40:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\x3daudio1_0.dll [2011-01-25 19:40:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2011-01-25 19:40:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2011-01-25 19:40:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2011-01-25 19:40:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2011-01-25 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Macromedia [2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Adobe [2011-01-25 19:30:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011-01-25 19:28:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Opera [2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Opera [2011-01-25 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ATI [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ATI [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011-01-25 19:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kreator raportowania problemów ATI [2011-01-25 19:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011-01-25 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011-01-25 19:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011-01-25 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011-01-25 19:23:13 | 000,000,000 | 
---D | C] -- C:\Program Files\ATI [2011-01-25 19:22:06 | 000,000,000 | ---D | C] -- C:\Windows\AMD [2011-01-25 15:32:21 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Searches [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011-01-25 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Identities [2011-01-25 14:15:58 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Contacts [2011-01-25 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\VirtualStore [2011-01-25 14:15:51 | 000,000,000 | --SD | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Videos [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Saved Games [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Pictures [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Music [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Links [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Favorites [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Downloads [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Documents [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Desktop [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Ustawienia lokalne [2011-01-25 14:15:51 | 000,000,000 | 
-HSD | C] -- C:\Users\PARADOX\AppData\Local\Temporary Internet Files [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Szablony [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\SendTo [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Recent [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\PrintHood [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\NetHood [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje wideo [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje obrazy [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Moje dokumenty [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moja muzyka [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Menu Start [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Historia [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Dane aplikacji [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Dane aplikacji [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Cookies [2011-01-25 14:15:51 | 000,000,000 | -H-D | C] -- C:\Users\PARADOX\AppData [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Temp [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Microsoft [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Media Center Programs [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2011-01-25 14:15:41 | 
000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2011-01-25 14:15:41 | 000,000,000 | ---D | C] -- C:\Recovery [2011-01-25 12:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011-01-25 12:50:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011-01-25 12:50:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-12-08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe [2011-02-01 18:34:22 | 105,103,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011-02-01 16:31:02 | 000,546,916 | ---- | M] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent [2011-02-01 16:18:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-01 13:56:08 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-01 13:56:08 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-01 13:56:08 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-01 13:56:08 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-01 13:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys 
[2011-01-31 22:07:57 | 000,608,768 | ---- | M] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe [2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW [2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-01-30 18:40:26 | 000,000,603 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011-01-29 23:16:59 | 003,465,331 | ---- | M] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3 [2011-01-29 12:42:10 | 000,267,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-01-28 20:59:43 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2011-01-28 20:45:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-01-28 00:26:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-01-27 15:10:56 | 000,000,576 | ---- | M] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk [2011-01-26 19:47:08 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011-01-26 00:57:30 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2011-01-26 00:57:30 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-01-25 21:35:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011-01-25 21:35:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011-01-25 19:26:46 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011-01-25 12:54:33 | 000,067,908 | ---- | M] () -- C:\Windows\System32\license.rtf [2011-01-25 12:52:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011-01-13 09:00:00 | 000,080,896 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011-01-13 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010-12-07 19:40:22 | 000,183,808 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll [2010-12-07 19:22:46 | 000,810,496 | ---- | M] () -- C:\Windows\System32\xvidcore.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-01 18:34:22 | 105,103,635 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011-02-01 17:59:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-02-01 17:59:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-02-01 17:59:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011-02-01 17:59:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-02-01 17:59:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-02-01 16:31:02 | 000,546,916 | ---- | C] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent [2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2011-01-30 21:00:18 | 000,354,606 | RHS- | C] () -- C:\MTQEW [2011-01-30 21:00:18 | 000,000,020 | RHS- | C] () -- C:\win7.ld [2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-01-30 18:40:26 | 000,000,603 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011-01-30 14:23:02 | 000,002,441 | ---- | 
C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-01-29 23:16:26 | 003,465,331 | ---- | C] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3 [2011-01-29 00:01:03 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2011-01-29 00:01:03 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2011-01-28 20:59:43 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-01-28 20:45:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-01-28 00:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-01-27 15:10:56 | 000,000,576 | ---- | C] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk [2011-01-26 22:50:12 | 000,000,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011-01-26 19:47:08 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011-01-26 16:12:25 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-01-26 16:12:25 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-01-26 16:12:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-01-26 16:12:25 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-01-26 16:12:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-01-26 16:12:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-01-25 21:49:14 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011-01-25 21:49:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2011-01-25 19:26:46 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011-01-25 14:16:07 | 000,001,425 | ---- | C] () -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011-01-25 12:54:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Media Center.lnk [2011-01-25 12:54:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011-01-25 12:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-01-25 12:50:10 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [color=#E56717]========== LOP Check ==========[/color] [2011-01-25 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft [2011-01-25 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server [2011-01-25 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft [2011-02-01 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AVG10 [2011-01-30 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\FileZilla [2011-02-01 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn [2011-01-30 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ipla [2011-01-27 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Leadertech [2011-01-25 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Opera [2011-01-26 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\RDRM [2011-01-26 21:26:19 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive [2011-01-26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\TS3Client [2011-02-01 20:10:31 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\uTorrent [2009-07-14 05:53:46 | 000,005,244 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* 
>[/color] [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-02-01 18:04:15 | 000,010,842 | ---- | M] () -- C:\ComboFix.txt [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW [2011-02-01 13:51:54 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys [2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- 
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report > [/log] [log]OTL Extras logfile created on: 2011-02-01 20:09:07 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 15,00 Gb Total Space | 4,26 Gb Free Space | 28,42% Space Free | Partition Type: NTFS Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- G:\Frajer Koks\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard "{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish "{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian "{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai "{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All "{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy "{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean "{1DC4873F-493C-F305-B55E-0FE0BBC6EFD1}" = WMV9/VC-1 Video Playback "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch "{236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common "{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese "{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English "{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek "{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends "{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard 
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop "{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011 "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French "{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese "{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CDEE9257-8FEB-7BAF-B28F-C4737036D674}" = ATI Catalyst Install Manager "{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish "{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static "{EC048D90-85C5-9695-A647-E480D0BD4756}" = ccc-utility "{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011 "{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish "{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2 "Any Video Converter_is1" = Any Video Converter 3.1.8 "AQQ" = WapSter AQQ "Audacity_is1" = Audacity 1.2.6 "AVG" = AVG 2011 "CCleaner" = CCleaner "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1 "FileZilla Client" = FileZilla Client 3.3.5.1 "ImgBurn" = ImgBurn "ipla" = ipla 2.2.1 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 
6.2.0 (Basic) "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Opera 11.01.1190" = Opera 11.01 "SopCast" = SopCast 3.3.2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Turbo Pascal 7.0" = Turbo Pascal 7.0 "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "vShare" = vShare Plugin "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-26 08:42:51 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-26 16:28:34 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MaxPayne.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: e2mfc.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x3c468130 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001e764 Identyfikator procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd: 0x01cbbd979289d7ef Ścieżka aplikacji powodującej błąd: D:\Max Payne\MaxPayne.exe Ścieżka modułu powodującego błąd: D:\Max Payne\e2mfc.dll Identyfikator raportu: d88dbb49-298a-11e0-bd43-001d7de6c270 Error - 2011-01-26 16:53:18 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl.exe, wersja: 1.1.1.1, sygnatura czasowa: 0x48feaf5a Nazwa modułu powodującego błąd: steam.dll, wersja: 2.0.1008.901, sygnatura czasowa: 0x4d2512b2 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x001e9eb3 Identyfikator procesu powodującego błąd: 0xe08 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbbd9af993b1f2 Ścieżka aplikacji powodującej błąd: 
d:\steam\steamapps\_daredevil__\counter-strike\hl.exe Ścieżka modułu powodującego błąd: D:\Steam\steam.dll Identyfikator raportu: 4d0d5d66-298e-11e0-bd43-001d7de6c270 Error - 2011-01-26 21:06:02 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-29 11:45:42 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-30 13:32:38 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. 
Error - 2011-01-30 14:27:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator procesu powodującego błąd: 0x1178 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbc0ab22efbca1 Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 9f9ff07f-2c9e-11e0-b893-001d7de6c270 Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Kod wyjątku: 0xc000001e Przesunięcie błędu: 0x00fafb08 Identyfikator procesu powodującego błąd: 0x1180 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbc0ab699c5add Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Identyfikator raportu: bdba0b2f-2c9f-11e0-b893-001d7de6c270 Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1005 Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Adobe Photoshop CS2 z powodu tego błędu. Program: Adobe Photoshop CS2 Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. 
Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2011-01-31 15:03:26 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. [ System Events ] Error - 2011-01-30 15:10:43 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. 
Error - 2011-01-31 14:00:01 | Computer Name = PARADOX-AX | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-02-01 13:00:14 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-02-01 13:03:13 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. < End of report > [/log] 1]RSIT 2]OTL.TXT 3]OTL
Tomek01 commented February 1, 2011
Why aren't you sure? Please elaborate. You used ComboFix, so show the log it produced: Combofix.txt
jstat (Author) commented February 1, 2011
Well, because I had a keylogger some time ago and I'm not entirely sure whether it, or some other one, is still sitting on the computer, because someone got into my account on a forum. I formatted right away when it attacked.
[log]ComboFix 11-01-31.02 - PARADOX 2011-02-01 18:00:22.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2046.1114 [GMT 1:00] Uruchomiony z: c:\users\PARADOX\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((( Pliki utworzone od 2011-01-01 do 2011-02-01 ))))))))))))))))))))))))))))))) . 2011-02-01 17:03 . 2011-02-01 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-30 18:57 . 2011-01-30 18:57 -------- d-----w- c:\program files\TP 2011-01-30 18:57 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe 2011-01-28 22:29 . 2011-01-30 13:23 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----w- c:\program files\Common Files\Skype 2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----r- c:\program files\Skype 2011-01-28 19:57 . 2011-01-28 19:57 -------- d-----w- c:\programdata\Skype 2011-01-28 00:45 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2011-01-28 00:45 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2011-01-28 00:45 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2011-01-28 00:45 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2011-01-28 00:45 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2011-01-28 00:41 . 2011-01-28 00:41 -------- d--h--w- c:\program files\InstallShield Installation Information 2011-01-27 22:35 . 2011-01-27 22:35 -------- d-----w- c:\windows\Sun 2011-01-27 22:21 . 2011-01-28 00:10 -------- d-----w- c:\programdata\PMB Files 2011-01-27 22:20 . 
2011-01-27 22:20 -------- d-----w- c:\program files\Pando Networks 2011-01-26 20:26 . 2011-01-26 20:26 -------- d-----w- c:\programdata\Sports Interactive 2011-01-26 15:12 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll 2011-01-26 15:12 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll 2011-01-26 15:12 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll 2011-01-26 15:12 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll 2011-01-26 15:12 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm 2011-01-26 15:12 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm 2011-01-26 15:12 . 2011-01-13 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll 2011-01-26 00:02 . 2011-01-26 00:02 -------- d-----w- c:\program files\CCleaner 2011-01-25 23:57 . 2011-01-25 23:57 -------- d-----w- c:\programdata\ipla 2011-01-25 23:57 . 2011-01-25 23:57 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-01-25 23:57 . 2011-01-25 23:57 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2011-01-25 23:57 . 2011-01-25 23:57 1060864 ----a-w- c:\windows\system32\mfc71.dll 2011-01-25 20:49 . 2011-01-25 13:15 -------- d-----w- c:\windows\Panther 2011-01-25 20:49 . 2011-01-25 20:49 -------- d-----w- C:\Boot 2011-01-25 20:35 . 2011-01-25 20:35 -------- d-----w- c:\program files\Common Files\Java 2011-01-25 20:35 . 2011-01-25 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-01-25 20:35 . 2011-01-25 20:35 -------- d-----w- c:\program files\Java 2011-01-25 20:04 . 2011-01-25 20:04 -------- d-----w- c:\program files\vShare 2011-01-25 19:47 . 2011-01-25 19:47 -------- d-----w- c:\program files\WapSter 2011-01-25 18:30 . 2011-01-25 18:30 -------- d-----w- c:\windows\system32\Macromed 2011-01-25 18:28 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFC3BF9B-5DD8-4206-910F-D19593D33209}\mpengine.dll 2011-01-25 18:28 . 
2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-25 18:26 . 2011-01-29 11:46 -------- d-----w- c:\program files\Opera 2011-01-25 18:24 . 2011-01-25 18:24 -------- d-----w- c:\programdata\ATI 2011-01-25 18:24 . 2011-01-25 18:24 -------- d-----w- c:\program files\Common Files\ATI Technologies 2011-01-25 18:23 . 2011-01-30 13:23 -------- d-sh--w- c:\windows\Installer 2011-01-25 18:23 . 2011-01-25 18:24 -------- d-----w- c:\program files\ATI Technologies 2011-01-25 18:23 . 2011-01-25 18:23 -------- d-----w- c:\program files\ATI 2011-01-25 18:22 . 2011-01-25 18:22 -------- d-----w- c:\windows\AMD 2011-01-25 13:21 . 2011-02-01 12:56 -------- d-----w- c:\windows\system32\wbem\Performance 2011-01-25 11:52 . 2011-01-25 11:52 0 ----a-w- c:\windows\ativpsrm.bin . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\system32\atioglxx.dll 2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\system32\aticfx32.dll 2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- c:\windows\system32\atieclxx.exe 2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- c:\windows\system32\atiesrxx.exe 2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll 2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\system32\Oemdspif.dll 2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- c:\windows\system32\atimuixx.dll 2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2010-11-26 02:49 . 
2009-07-13 22:09 4066816 ----a-w- c:\windows\system32\atidxx32.dll 2010-11-26 02:30 . 2009-06-10 21:19 4122624 ----a-w- c:\windows\system32\atiumdag.dll 2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\system32\aticalrt.dll 2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\system32\aticalcl.dll 2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\system32\aticaldd.dll 2010-11-26 02:24 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll 2010-11-26 02:22 . 2009-07-13 22:09 3460096 ----a-w- c:\windows\system32\atiumdva.dll 2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\system32\atiadlxx.dll 2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\system32\atigktxx.dll 2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\system32\atiuxpag.dll 2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\system32\atiu9pag.dll 2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\atimpc32.dll 2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll 2010-11-17 12:04 . 2010-11-17 12:04 101392 ----a-w- c:\windows\system32\drivers\AtihdW73.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2011-01-21 8990720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\users\PARADOX\AppData\Roaming\Mozilla\Firefox\Profiles\x7psqbyd.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - g:\frajer koks\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - g:\frajer koks\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} . 
- - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-Cool AVI To 3GP Converter_is1 - g:\program files\Cool AVI To 3GP Converter\unins000.exe AddRemove-{B4C7FA0D-392F-4653-A631-6028E5CE1294}_is1 - g:\program files\Extreme Redeemer\unins000.exe . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2011-02-01 18:04:15 ComboFix-quarantined-files.txt 2011-02-01 17:04 Przed: 4 620 775 424 bajtów wolnych Po: 4 802 117 632 bajtów wolnych - - End Of File - - F2978BFEB98CD0DBF29ADAB2C86AD090 [/log]
Tomek01 commented February 1, 2011
Uninstall ComboFix: Start >>> Run >>> combofix /u [and press OK]
Manually delete the quarantine C:\Qoobox
After these steps, show a new OTL log.
jstat (Author) commented February 1, 2011
[log]OTL logfile created on: 2011-02-01 21:14:33 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 15,00 Gb Total Space | 4,28 Gb Free Space | 28,55% Space Free | Partition Type: NTFS Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe PRC - [2011-01-29 12:45:59 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgtray.exe PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgnsx.exe PRC - [2011-01-07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- G:\Program Files\AVG\AVG10\avgemcx.exe PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgrsx.exe PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgchsvx.exe PRC - [2010-11-26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG10\avgwdsvc.exe PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- G:\Program Files\AVG\AVG10\avgcsrvx.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG 
Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010-11-26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) 
[On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010-11-26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010-11-26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-11-17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010-09-13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2010-08-03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2010-08-03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010-08-03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2009-12-17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009-08-09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) 
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] 
(VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 
00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: G:\Program Files\AVG\AVG10\Firefox\ [2011-02-01 18:32:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Frajer Koks\components [2011-01-28 00:26:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Frajer Koks\plugins [2011-01-30 14:23:02 | 000,000,000 | ---D | M] [2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Extensions 
[2011-01-28 00:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PARADOX\AppData\Roaming\mozilla\Firefox\Profiles\x7psqbyd.default\extensions [2011-01-28 20:57:58 | 000,000,000 | ---D | M] (Skype extension) -- G:\FRAJER KOKS\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2011-02-01 18:32:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- G:\PROGRAM FILES\AVG\AVG10\FIREFOX O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_TRAY] G:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.72.64.11 94.72.64.10 217.17.34.10 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - G:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (G:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - G:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service 
SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group 
SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume 
shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-01 20:06:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe [2011-02-01 18:43:03 | 000,000,000 | -H-D | C] -- C:\$AVG [2011-02-01 18:37:36 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-01 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AVG10 [2011-02-01 18:33:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011-02-01 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 [2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2011-02-01 18:32:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011-02-01 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-02-01 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011-02-01 18:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-02-01 18:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-02-01 17:59:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-02-01 17:59:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-02-01 17:59:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-02-01 17:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011-02-01 17:58:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-02-01 16:28:00 | 000,000,000 | ---D | C] -- 
C:\Users\PARADOX\AppData\Roaming\uTorrent [2011-02-01 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn [2011-02-01 16:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2011-01-31 22:07:50 | 000,608,768 | ---- | C] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe [2011-01-30 19:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo Pascal 7 [2011-01-30 19:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\TP [2011-01-30 19:57:19 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe [2011-01-30 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2011-01-29 19:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2011-01-29 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Updater [2011-01-29 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Adobe [2011-01-28 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011-01-28 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Any Video Converter [2011-01-28 22:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2011-01-28 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\FileZilla [2011-01-28 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\skypePM [2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-01-28 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011-01-28 20:57:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011-01-28 
20:57:32 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Skype [2011-01-28 20:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011-01-28 01:45:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2011-01-28 01:45:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2011-01-28 01:45:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2011-01-28 01:45:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2011-01-28 01:45:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2011-01-28 01:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2011-01-28 01:41:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Mozilla [2011-01-28 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Mozilla [2011-01-27 23:35:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011-01-27 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\PMB Files [2011-01-27 23:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011-01-27 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2011-01-27 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\FIFA 11 [2011-01-27 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Leadertech [2011-01-27 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\Documents\Deluxe Ski Jump 4 [2011-01-27 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-01-26 21:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive [2011-01-26 21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive [2011-01-26 
21:26:19 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Sports Interactive [2011-01-26 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\TS3Client [2011-01-26 18:50:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ElevatedDiagnostics [2011-01-26 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla [2011-01-26 16:12:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011-01-26 16:12:25 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011-01-26 16:12:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011-01-26 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\RDRM [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ipla [2011-01-26 00:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ipla [2011-01-26 00:57:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2011-01-26 00:57:30 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2011-01-25 21:49:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011-01-25 21:49:12 | 000,000,000 | ---D | C] -- C:\Boot [2011-01-25 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011-01-25 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\.minecraft [2011-01-25 21:35:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011-01-25 21:35:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2011-01-25 21:35:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011-01-25 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011-01-25 21:29:57 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\WinRAR [2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-01-25 21:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-01-25 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft [2011-01-25 21:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\vShare [2011-01-25 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\WapSter [2011-01-25 20:48:02 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter [2011-01-25 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter [2011-01-25 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Diagnostics [2011-01-25 19:40:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011-01-25 19:40:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2011-01-25 19:40:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2011-01-25 19:40:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2011-01-25 19:40:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2011-01-25 19:40:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2011-01-25 19:40:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2011-01-25 19:40:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2011-01-25 19:40:49 | 000,235,856 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2011-01-25 19:40:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2011-01-25 19:40:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2011-01-25 19:40:49 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2011-01-25 19:40:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2011-01-25 19:40:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2011-01-25 19:40:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2011-01-25 19:40:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2011-01-25 19:40:48 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2011-01-25 19:40:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2011-01-25 19:40:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2011-01-25 19:40:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2011-01-25 19:40:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2011-01-25 19:40:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2011-01-25 19:40:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2011-01-25 19:40:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2011-01-25 19:40:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2011-01-25 19:40:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine3_2.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2011-01-25 19:40:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2011-01-25 19:40:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2011-01-25 19:40:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2011-01-25 19:40:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011-01-25 19:40:47 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011-01-25 19:40:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2011-01-25 19:40:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2011-01-25 19:40:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2011-01-25 19:40:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2011-01-25 19:40:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2011-01-25 19:40:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2011-01-25 19:40:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2011-01-25 19:40:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2011-01-25 19:40:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2011-01-25 19:40:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine2_7.dll [2011-01-25 19:40:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2011-01-25 19:40:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2011-01-25 19:40:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2011-01-25 19:40:47 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2011-01-25 19:40:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2011-01-25 19:40:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2011-01-25 19:40:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2011-01-25 19:40:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2011-01-25 19:40:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2011-01-25 19:40:46 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2011-01-25 19:40:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2011-01-25 19:40:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2011-01-25 19:40:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2011-01-25 19:40:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2011-01-25 19:40:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2011-01-25 19:40:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2011-01-25 19:40:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2011-01-25 19:40:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\x3daudio1_0.dll [2011-01-25 19:40:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2011-01-25 19:40:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2011-01-25 19:40:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2011-01-25 19:40:44 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2011-01-25 19:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Macromedia [2011-01-25 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Adobe [2011-01-25 19:30:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011-01-25 19:28:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Opera [2011-01-25 19:26:46 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Opera [2011-01-25 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\ATI [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\ATI [2011-01-25 19:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011-01-25 19:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kreator raportowania problemów ATI [2011-01-25 19:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011-01-25 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011-01-25 19:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011-01-25 19:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011-01-25 19:23:13 | 000,000,000 | 
---D | C] -- C:\Program Files\ATI [2011-01-25 19:22:06 | 000,000,000 | ---D | C] -- C:\Windows\AMD [2011-01-25 15:32:21 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Searches [2011-01-25 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011-01-25 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Identities [2011-01-25 14:15:58 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Contacts [2011-01-25 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\VirtualStore [2011-01-25 14:15:51 | 000,000,000 | --SD | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Videos [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Saved Games [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Pictures [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Music [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Links [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Favorites [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Downloads [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Documents [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\Desktop [2011-01-25 14:15:51 | 000,000,000 | R--D | C] -- C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Ustawienia lokalne [2011-01-25 14:15:51 | 000,000,000 | 
-HSD | C] -- C:\Users\PARADOX\AppData\Local\Temporary Internet Files [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Szablony [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\SendTo [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Recent [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\PrintHood [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\NetHood [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje wideo [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moje obrazy [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Moje dokumenty [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Documents\Moja muzyka [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Menu Start [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Historia [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Dane aplikacji [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\AppData\Local\Dane aplikacji [2011-01-25 14:15:51 | 000,000,000 | -HSD | C] -- C:\Users\PARADOX\Cookies [2011-01-25 14:15:51 | 000,000,000 | -H-D | C] -- C:\Users\PARADOX\AppData [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Temp [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Local\Microsoft [2011-01-25 14:15:51 | 000,000,000 | ---D | C] -- C:\Users\PARADOX\AppData\Roaming\Media Center Programs [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2011-01-25 14:15:41 | 
000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2011-01-25 14:15:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2011-01-25 14:15:41 | 000,000,000 | ---D | C] -- C:\Recovery [2011-01-25 12:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011-01-25 12:50:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011-01-25 12:50:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-12-08 04:12:38 | 000,251,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-01 20:27:57 | 000,006,508 | ---- | M] () -- C:\Users\PARADOX\Desktop\23771853.jpg [2011-02-01 20:27:35 | 000,000,118 | ---- | M] () -- C:\Users\PARADOX\Desktop\zdr.rar [2011-02-01 20:07:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\PARADOX\Desktop\OTL.exe [2011-02-01 18:34:22 | 105,103,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011-02-01 16:31:02 | 000,546,916 | ---- | M] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent [2011-02-01 16:18:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-01 13:59:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-01 13:56:08 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-01 13:56:08 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-01 13:56:08 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-01 13:56:08 | 000,103,370 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2011-02-01 13:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2011-01-31 22:07:57 | 000,608,768 | ---- | M] (Usb Xtaf Gui) -- C:\Users\PARADOX\USBXTAFGUI_v44.exe [2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW [2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-01-30 18:40:26 | 000,000,603 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011-01-29 23:16:59 | 003,465,331 | ---- | M] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3 [2011-01-29 12:42:10 | 000,267,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-01-28 20:59:43 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2011-01-28 20:45:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-01-28 00:26:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-01-27 15:10:56 | 000,000,576 | ---- | M] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk [2011-01-26 19:47:08 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011-01-26 00:57:30 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2011-01-26 00:57:30 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll [2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-01-25 21:35:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011-01-25 21:35:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011-01-25 21:35:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011-01-25 19:26:46 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011-01-25 12:54:33 | 000,067,908 | ---- | M] () -- C:\Windows\System32\license.rtf [2011-01-25 12:52:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011-01-13 09:00:00 | 000,080,896 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011-01-13 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010-12-07 19:40:22 | 000,183,808 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll [2010-12-07 19:22:46 | 000,810,496 | ---- | M] () -- C:\Windows\System32\xvidcore.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-01 20:28:21 | 000,006,508 | ---- | C] () -- C:\Users\PARADOX\Desktop\23771853.jpg [2011-02-01 20:27:35 | 000,000,118 | ---- | C] () -- C:\Users\PARADOX\Desktop\zdr.rar [2011-02-01 18:34:22 | 105,103,635 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011-02-01 17:59:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-02-01 17:59:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-02-01 17:59:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011-02-01 17:59:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-02-01 17:59:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-02-01 16:31:02 | 000,546,916 | ---- | C] () -- C:\Users\PARADOX\Desktop\Call.of.Duty.Black.Ops.READNFO.XBOX360-FW.torrent [2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-02-01 16:18:57 | 000,000,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2011-01-30 21:00:18 | 000,354,606 | RHS- | C] () -- C:\MTQEW [2011-01-30 21:00:18 | 000,000,020 | RHS- | C] () -- C:\win7.ld [2011-01-30 19:57:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-01-30 19:57:15 | 
000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-01-30 18:40:26 | 000,000,603 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011-01-30 14:23:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-01-29 23:16:26 | 003,465,331 | ---- | C] () -- C:\Users\PARADOX\Desktop\Knoc-Turn-039-al - Muzik .mp3 [2011-01-29 00:01:03 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2011-01-29 00:01:03 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2011-01-28 20:59:43 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-01-28 20:45:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-01-28 00:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-01-27 15:10:56 | 000,000,576 | ---- | C] () -- C:\Users\PARADOX\Desktop\DSJ4.lnk [2011-01-26 22:50:12 | 000,000,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011-01-26 19:47:08 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011-01-26 16:12:25 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-01-26 16:12:25 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-01-26 16:12:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-01-26 16:12:25 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-01-26 16:12:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-01-26 16:12:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-01-25 21:49:14 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011-01-25 21:49:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2011-01-25 19:26:46 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011-01-25 14:16:07 | 000,001,425 | ---- | C] () -- 
C:\Users\PARADOX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011-01-25 12:54:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011-01-25 12:54:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011-01-25 12:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-01-25 12:50:10 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [color=#E56717]========== LOP Check ==========[/color] [2011-01-25 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft [2011-01-25 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\.minecraft server [2011-01-25 21:14:35 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AnvSoft [2011-02-01 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\AVG10 [2011-01-30 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\FileZilla [2011-02-01 16:25:33 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ImgBurn [2011-01-30 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\ipla [2011-01-27 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Leadertech [2011-01-25 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Opera [2011-01-26 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\RDRM [2011-01-26 21:26:19 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\Sports Interactive [2011-01-26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\TS3Client [2011-02-01 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\PARADOX\AppData\Roaming\uTorrent [2009-07-14 05:53:46 | 000,005,244 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2011-01-25 21:49:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-02-01 13:51:52 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-01-30 19:57:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-01-30 21:00:18 | 000,354,606 | RHS- | M] () -- C:\MTQEW [2011-02-01 13:51:54 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys [2011-01-30 21:00:18 | 000,000,020 | RHS- | M] () -- C:\win7.ld [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | 
M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- 
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2011-02-01 21:14:33 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\PARADOX\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 15,00 Gb Total Space | 4,28 Gb Free Space | 28,55% Space Free | Partition Type: NTFS Drive D: | 75,00 Gb Total Space | 60,16 Gb Free Space | 80,21% Space Free | Partition Type: NTFS Drive E: | 25,00 Gb Total Space | 21,80 Gb Free Space | 87,19% Space Free | Partition Type: NTFS Drive F: | 75,00 Gb Total Space | 50,94 Gb Free Space | 67,92% Space Free | Partition Type: NTFS Drive G: | 42,86 Gb Total Space | 41,93 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Computer Name: PARADOX-AX | User Name: PARADOX | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1720431038-2133209567-2331886862-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- G:\Frajer Koks\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard "{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish "{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian "{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai "{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All "{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy "{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean "{1DC4873F-493C-F305-B55E-0FE0BBC6EFD1}" = WMV9/VC-1 Video Playback "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch "{236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common "{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese "{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English "{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek "{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends "{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard 
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop "{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011 "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French "{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese "{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CDEE9257-8FEB-7BAF-B28F-C4737036D674}" = ATI Catalyst Install Manager "{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish "{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static "{EC048D90-85C5-9695-A647-E480D0BD4756}" = ccc-utility "{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011 "{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish "{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2 "Any Video Converter_is1" = Any Video Converter 3.1.8 "AQQ" = WapSter AQQ "Audacity_is1" = Audacity 1.2.6 "AVG" = AVG 2011 "CCleaner" = CCleaner "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1 "FileZilla Client" = FileZilla Client 3.3.5.1 "ImgBurn" = ImgBurn "ipla" = ipla 2.2.1 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 
6.2.0 (Basic) "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Opera 11.01.1190" = Opera 11.01 "SopCast" = SopCast 3.3.2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Turbo Pascal 7.0" = Turbo Pascal 7.0 "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "vShare" = vShare Plugin "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-26 08:42:51 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-26 16:28:34 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: MaxPayne.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x31313931 Nazwa modułu powodującego błąd: e2mfc.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x3c468130 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001e764 Identyfikator procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd: 0x01cbbd979289d7ef Ścieżka aplikacji powodującej błąd: D:\Max Payne\MaxPayne.exe Ścieżka modułu powodującego błąd: D:\Max Payne\e2mfc.dll Identyfikator raportu: d88dbb49-298a-11e0-bd43-001d7de6c270 Error - 2011-01-26 16:53:18 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl.exe, wersja: 1.1.1.1, sygnatura czasowa: 0x48feaf5a Nazwa modułu powodującego błąd: steam.dll, wersja: 2.0.1008.901, sygnatura czasowa: 0x4d2512b2 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x001e9eb3 Identyfikator procesu powodującego błąd: 0xe08 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbbd9af993b1f2 Ścieżka aplikacji powodującej błąd: 
d:\steam\steamapps\_daredevil__\counter-strike\hl.exe Ścieżka modułu powodującego błąd: D:\Steam\steam.dll Identyfikator raportu: 4d0d5d66-298e-11e0-bd43-001d7de6c270 Error - 2011-01-26 21:06:02 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-29 11:45:42 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-01-30 13:32:38 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. 
Error - 2011-01-30 14:27:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator procesu powodującego błąd: 0x1178 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbc0ab22efbca1 Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 9f9ff07f-2c9e-11e0-b893-001d7de6c270 Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Nazwa modułu powodującego błąd: Photoshop.exe, wersja: 9.0.0.0, sygnatura czasowa: 0x42a5f2d9 Kod wyjątku: 0xc000001e Przesunięcie błędu: 0x00fafb08 Identyfikator procesu powodującego błąd: 0x1180 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbc0ab699c5add Ścieżka aplikacji powodującej błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Ścieżka modułu powodującego błąd: G:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe Identyfikator raportu: bdba0b2f-2c9f-11e0-b893-001d7de6c270 Error - 2011-01-30 14:35:42 | Computer Name = PARADOX-AX | Source = Application Error | ID = 1005 Description = System Windows nie może uzyskać dostępu do pliku z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem, na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi na tym komputerze; brak dysku. System Windows zamknął program Adobe Photoshop CS2 z powodu tego błędu. Program: Adobe Photoshop CS2 Plik: Wartość błędu jest wyświetlona w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. 
Ta sytuacja może być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: 00000000 Typ dysku: 0 Error - 2011-01-31 15:03:26 | Computer Name = PARADOX-AX | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. [ System Events ] Error - 2011-01-30 15:10:43 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2011-01-30 15:10:44 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. 
Error - 2011-01-31 14:00:01 | Computer Name = PARADOX-AX | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:39 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-01-31 17:02:40 | Computer Name = PARADOX-AX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR7. Error - 2011-02-01 13:00:14 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-02-01 13:03:13 | Computer Name = PARADOX-AX | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. < End of report > [/log]
Tomek01 commented 1 February 2011

Paste into OTL:
[code]
:OTL
C:\Windows\temp
C:\$RECYCLE.BIN
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Windows\SWXCACLS.exe
C:\Windows\ERDNT
C:\ComboFix
:Services
mbr
:Commands
[emptytemp]
[/code]
When it has finished, click CleanUp in OTL. Turn System Restore off and then back on for all partitions. Use ATF Cleaner: tick the first three checkboxes and click Empty Selected. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url], and if they detect anything, post the reports on the forum.
jstat (author) commented 1 February 2011

[log]Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Wersja bazy: 5363 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2011-02-01 23:55:22 mbam-log-2011-02-01 (23-55-18).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|) Przeskanowano obiektów: 218553 Upłynęło: 30 minut(y), 17 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: c:\Users\PARADOX\AppData\Local\Opera\Opera\cache\g_0066\opr00ZEH.tmp (Trojan.Dropper.PGen) -> No action taken. [/log]