legendk utworzono 6 lutego 2011 utworzono 6 lutego 2011 (edytowane) Witam Mam problem, pojawił się nagle. Kiedy próbuje dostać się do Mój Komputer to otwiera się tylko okno z eksploratorem Windows i coś tam się ładuje i nic, ledwo uruchomiłem Opere, żeby tu napisać, dodam że ostatnio coś ściągałem i jadę bez antyvira. (tak jestem debilem) Restartowałem już komputer i nic nie pomogło. Co się dzieje? Czy to wirus? Już wiem co jest.. wnr231.exe w procesach, tylko jak go tu teraz usunąć bez wejścia do Mój komputer i antyvira?
kelloco2 komentarz 6 lutego 2011 komentarz 6 lutego 2011 weź zamknij proces. Może wejdziesz, możesz spróbować w trybie awaryjnym i załatw sobie antywirusa. Jak jakiegoś masz to uruchom go przez menadżer zadań Plik>Nowe zadanie
Tomek01 komentarz 6 lutego 2011 komentarz 6 lutego 2011 Wstaw logi OTL i RSIT zgodnie z poniższym opisem. Przenoszę do odpowiedniego działu.
legendk komentarz 6 lutego 2011 Autor komentarz 6 lutego 2011 (edytowane) OLT.txt [log]OTL logfile created on: 2011-02-06 22:12:31 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 75,13 Gb Total Space | 29,83 Gb Free Space | 39,70% Space Free | Partition Type: NTFS Drive D: | 195,32 Gb Total Space | 71,08 Gb Free Space | 36,39% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 94,46 Gb Free Space | 48,37% Space Free | Partition Type: NTFS Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2010-09-15 04:50:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe PRC - [2010-06-16 10:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 02:14:42 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ctfmon.exe PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-03-24 07:37:04 | 001,286,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-11-18 07:21:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-11-02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-06-17 22:04:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-06-16 21:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005-03-09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-02-05 13:28:13 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Cabal Unlimited\Byakko.K32 -- (ByakkoDriver) DRV - [2010-06-24 15:26:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-08 16:19:26 | 003,112,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010-06-08 00:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-07-14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2005-03-09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.wp.pl/ [binary data] IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-20 21:33:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-03 18:47:49 | 000,000,000 | ---D | M] [2010-06-28 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2011-02-05 17:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions [2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010-12-12 20:41:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010-08-24 20:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2010-08-07 22:16:28 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\illimitux@illimitux.net [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\BearShareWebSearch.xml [2010-12-15 15:22:16 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\conduit.xml [2011-02-05 17:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-23 22:36:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-12-06 19:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-06-26 08:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml [2010-06-26 08:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-06-26 08:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-26 08:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-26 08:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-26 08:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-12-03 14:51:12 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: ::1 localhost O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nssvc32.exe () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvcs.exe () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnr231.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\logonInit.dll () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell - "" = AutoRun O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell\AutoRun\command - "" = J:\autorun.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-06 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-02-06 22:13:36 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-06 16:42:44 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup303.exe [2011-02-06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\do nauki [2011-02-05 22:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011-02-05 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2011-02-05 22:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google [2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011-02-05 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PandoraRecovery [2011-02-05 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery [2011-02-05 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery [2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles [2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\UndeleteMyFiles [2011-02-05 11:38:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\luty 2011 [2011-02-03 21:44:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\testdisk-6.11.3 [2011-01-30 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt [2011-01-23 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Deluxe Ski Jump 4 [2011-01-23 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-01-23 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [2011-01-23 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\kmeaw [2011-01-16 17:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Nowy folder [2011-01-14 15:21:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ikonki [2011-01-12 21:03:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ubki [2010-12-30 13:37:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{789F916F-CD1D-44F8-B59F-5AAF7B9912AC} [2010-12-30 13:37:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{292012BA-D6C1-45D0-9B09-C6AA5240581A} [2010-12-27 19:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-12-25 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\prog [2010-12-25 11:49:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4099443F-E2AE-42B8-92FF-4B6EFEF3A091} [2010-12-25 11:43:44 | 000,000,000 | ---D | C] -- C:\Windows\pl [2010-12-25 11:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2010-12-25 11:34:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010-12-25 11:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2010-12-25 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live [2010-12-25 11:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2010-12-21 22:28:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2010-12-21 22:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2010-12-21 22:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2010-12-21 22:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2010-12-21 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-12-21 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare [2010-12-21 21:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2010-12-21 21:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect [2010-12-21 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2010-12-21 20:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect [2010-12-19 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2010-12-19 20:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2010-12-19 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ [2010-12-19 20:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ [2010-12-15 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.6.1 [2010-12-15 20:47:09 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll [2010-12-15 20:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-12-13 18:48:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\geo [2010-12-12 22:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010-12-12 22:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010-12-12 20:41:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2010-12-12 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\DVDVideoSoft [2010-12-12 20:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2010-12-12 20:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010-12-12 20:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010-12-10 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\RapidShareManager [2010-12-10 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RapidShare Manager [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-06 21:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-06 21:55:20 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2011-02-06 21:51:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemplM2056.html [2011-02-06 21:51:43 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempie2056.html [2011-02-06 21:51:29 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-02-06 18:19:20 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-06 18:19:20 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-06 17:50:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempiL2908.html [2011-02-06 17:50:25 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempgQ2908.html [2011-02-06 17:33:12 | 000,648,748 | ---- | M] () -- C:\Users\User\Documents\BioWare.rar [2011-02-06 17:33:02 | 000,000,020 | ---- | M] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar [2011-02-06 17:10:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSi3592.html [2011-02-06 17:10:31 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempWf3592.html [2011-02-06 17:10:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempQg3020.html [2011-02-06 17:10:05 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfj3020.html [2011-02-06 17:00:14 | 000,171,180 | ---- | M] () -- C:\Users\User\Desktop\OTL.exe [2011-02-06 16:57:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-02-06 16:54:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWm3172.html [2011-02-06 16:54:29 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyt3172.html [2011-02-06 16:51:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempvo3152.html [2011-02-06 16:51:23 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TemptN3152.html [2011-02-06 16:43:02 | 003,006,368 | ---- | M] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup303.exe [2011-02-06 16:27:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjx2624.html [2011-02-06 16:27:32 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempZf2624.html [2011-02-06 16:25:28 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprN3092.html [2011-02-06 16:25:28 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLb3092.html [2011-02-06 16:22:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJl4596.html [2011-02-06 16:22:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLi4596.html [2011-02-06 15:17:07 | 004,352,601 | ---- | M] () -- C:\Users\User\Desktop\sieci.rar [2011-02-06 15:04:45 | 000,746,594 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-06 15:04:44 | 000,632,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-06 15:04:44 | 000,150,920 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-06 15:04:44 | 000,121,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-06 11:50:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLa4724.html [2011-02-05 23:13:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPO2384.html [2011-02-05 22:57:52 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011-02-05 11:44:45 | 000,247,612 | ---- | M] () -- C:\Users\User\Desktop\Sony-Playstation.ico [2011-02-04 21:15:27 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPE3028.html [2011-02-04 12:04:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempeV2064.html [2011-02-04 10:01:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptE2204.html [2011-02-03 22:43:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyb3056.html [2011-02-03 22:43:15 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempbU3056.html [2011-02-03 21:46:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempnR2680.html [2011-02-03 21:46:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempNF2680.html [2011-02-03 20:56:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemplW3312.html [2011-02-03 20:56:31 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempyR3312.html [2011-02-03 16:31:48 | 226,173,471 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-01-31 08:40:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempqb2992.html [2011-01-31 00:44:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUQ2288.html [2011-01-31 00:22:49 | 000,057,476 | ---- | M] () -- C:\Users\User\Desktop\ddd33.png [2011-01-30 22:18:16 | 000,085,693 | ---- | M] () -- C:\Users\User\Desktop\pulpfiction.png [2011-01-30 22:02:31 | 000,000,951 | ---- | M] () -- C:\Users\User\Desktop\NapiProjekt.lnk [2011-01-30 19:20:27 | 000,416,508 | ---- | M] () -- C:\Users\User\Desktop\friday_gif_collection_10.gif [2011-01-30 16:12:21 | 023,345,299 | ---- | M] () -- C:\Users\User\Desktop\tapeta.psd [2011-01-30 15:52:22 | 001,463,320 | ---- | M] () -- C:\Users\User\Desktop\Untitled-3.jpg [2011-01-30 15:48:14 | 000,000,122 | ---- | M] () -- C:\Users\User\Desktop\3-2-45-1-569179-1-4ACE99-DDEE1E-DDEE1E-DDEE1E-DDEE1E-B3F1D5-78D316-78D316-78D316-78D316-yes-yes-yes-yes-yes-.png [2011-01-30 15:40:54 | 000,080,744 | ---- | M] () -- C:\Users\User\Desktop\PlayStation_1_Logo.png [2011-01-30 15:34:42 | 001,347,382 | ---- | M] () -- C:\Users\User\Desktop\Crysis2.png [2011-01-30 15:33:02 | 001,016,441 | ---- | M] () -- C:\Users\User\Desktop\Crysis render 1 .png [2011-01-30 15:31:13 | 001,381,719 | ---- | M] () -- C:\Users\User\Desktop\Crysis_Render~0.png [2011-01-30 15:10:24 | 002,256,246 | ---- | M] () -- C:\Users\User\Desktop\ddd.psd [2011-01-30 12:10:45 | 000,056,680 | ---- | M] () -- C:\Users\User\Desktop\ddd.png [2011-01-29 23:55:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphh2692.html [2011-01-29 23:23:54 | 000,055,716 | ---- | M] () -- C:\Users\User\Desktop\dddd.png [2011-01-29 23:14:15 | 000,166,821 | ---- | M] () -- C:\Users\User\Desktop\Assassinscreed1.png [2011-01-29 23:10:27 | 000,686,644 | ---- | M] () -- C:\Users\User\Desktop\Dead_Space_2_Render.png [2011-01-29 23:09:05 | 000,085,871 | ---- | M] () -- C:\Users\User\Desktop\normal_Bioshock_2.png [2011-01-29 23:07:31 | 000,044,328 | ---- | M] () -- C:\Users\User\Desktop\normal_thro_dv_render.png [2011-01-29 17:17:04 | 005,392,880 | ---- | M] () -- C:\Users\User\Desktop\trondp.psd [2011-01-29 16:29:09 | 000,067,741 | ---- | M] () -- C:\Users\User\Desktop\trondp.jpg [2011-01-29 09:18:35 | 002,216,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-01-29 00:15:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempef2348.html [2011-01-28 22:01:17 | 000,067,100 | ---- | M] () -- C:\Users\User\Desktop\logo.png [2011-01-28 21:59:51 | 000,230,635 | ---- | M] () -- C:\Users\User\Desktop\20091226100915!Normandy_Render.png [2011-01-27 23:16:55 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAH4004.html [2011-01-27 15:50:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempqg2640.html [2011-01-27 15:50:52 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempcn2640.html [2011-01-26 22:53:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempzy1656.html [2011-01-25 16:41:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmGK588.html [2011-01-25 14:22:00 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXm2468.html [2011-01-24 22:35:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemppX2696.html [2011-01-24 20:13:59 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRE4060.html [2011-01-24 17:41:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempVK3644.html [2011-01-24 14:13:50 | 000,041,916 | ---- | M] () -- C:\Users\User\Desktop\pko_trans_details_110124_141346.pdf [2011-01-23 22:29:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyp3784.html [2011-01-23 21:16:20 | 000,001,010 | ---- | M] () -- C:\Users\User\Desktop\DSJ4.lnk [2011-01-23 17:03:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempxp1604.html [2011-01-23 14:47:44 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZQ2600.html [2011-01-23 10:34:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprU2260.html [2011-01-23 09:52:35 | 178,890,320 | ---- | M] () -- C:\Users\User\Desktop\PS3UPDAT.PUP [2011-01-22 23:37:54 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempOU4048.html [2011-01-22 20:20:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZd3672.html [2011-01-22 18:09:20 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFQa516.html [2011-01-21 20:22:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWe2200.html [2011-01-21 17:21:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFd3292.html [2011-01-21 11:05:57 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprD2416.html [2011-01-20 23:29:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYz2400.html [2011-01-20 23:29:08 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Temphk2400.html [2011-01-20 22:34:53 | 000,879,402 | ---- | M] () -- C:\Users\User\Desktop\sieci.zip [2011-01-19 22:36:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWl3960.html [2011-01-19 19:02:11 | 009,435,984 | ---- | M] () -- C:\Users\User\Desktop\UP0001-BLES00896_00-0000000000000000.pkg [2011-01-19 18:03:14 | 007,799,392 | ---- | M] () -- C:\Users\User\Desktop\UP0001-BLES00952_00-0000111122223333.pkg [2011-01-19 17:08:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempoF2476.html [2011-01-18 23:19:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprP3132.html [2011-01-18 06:28:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAM2512.html [2011-01-18 06:28:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempEY2512.html [2011-01-17 22:35:06 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYa2168.html [2011-01-17 19:41:11 | 003,330,304 | ---- | M] () -- C:\Users\User\Desktop\BLUS30566V100.pkg [2011-01-17 12:35:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAg2464.html [2011-01-17 12:35:52 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempfE2464.html [2011-01-16 22:12:55 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjx2292.html [2011-01-16 17:57:26 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPl4164.html [2011-01-16 17:57:26 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempXg4164.html [2011-01-16 17:28:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempas2664.html [2011-01-16 17:10:07 | 003,120,012 | ---- | M] () -- C:\Users\User\Documents\Nowy folder.rar [2011-01-16 15:35:10 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphl2204.html [2011-01-16 03:11:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempgB2108.html [2011-01-16 03:11:17 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLc2108.html [2011-01-15 11:50:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAO2632.html [2011-01-14 23:25:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempBP2604.html [2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg [2011-01-14 21:57:53 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptA3752.html [2011-01-14 15:40:44 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempsN2728.html [2011-01-13 23:03:26 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYo2256.html [2011-01-12 22:51:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUH3092.html [2011-01-12 19:05:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Templr2400.html [2011-01-12 17:48:18 | 000,103,345 | ---- | M] () -- C:\Users\User\Desktop\Untitled-2.gif [2011-01-12 08:25:45 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempwb2572.html [2011-01-12 08:25:45 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempkZ2572.html [2011-01-11 22:17:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempMH3004.html [2011-01-11 18:44:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempTR3004.html [2011-01-11 18:06:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKx2340.html [2011-01-11 16:40:53 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempTk2340.html [2011-01-11 06:44:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRp2428.html [2011-01-11 06:44:30 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGJ2428.html [2011-01-10 22:18:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempto3188.html [2011-01-09 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCZ2452.html [2011-01-09 00:16:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJm2492.html [2011-01-08 00:28:49 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempbW3240.html [2011-01-07 21:17:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmR2188.html [2011-01-07 08:24:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempoW2396.html [2011-01-07 08:24:21 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCd2396.html [2011-01-06 17:38:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWST992.html [2011-01-06 17:38:56 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempYZb992.html [2011-01-05 22:05:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempdU2520.html [2011-01-05 09:05:48 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUE2660.html [2011-01-05 09:05:48 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempaE2660.html [2011-01-04 22:49:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLx2092.html [2011-01-04 20:22:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempts2884.html [2011-01-04 17:41:32 | 061,002,212 | ---- | M] () -- C:\Users\User\Documents\0UpAB12_t34.rar [2011-01-04 17:16:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempxB2144.html [2011-01-04 06:14:48 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfm2460.html [2011-01-04 06:14:48 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempnJ2460.html [2011-01-03 21:52:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZp3276.html [2011-01-03 21:47:33 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSL2660.html [2011-01-02 22:55:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUg2104.html [2011-01-02 13:08:24 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempMh2928.html [2011-01-02 00:07:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDU3268.html [2011-01-02 00:07:14 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempsf3268.html [2011-01-01 00:46:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKE3456.html [2011-01-01 00:46:04 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempaw3456.html [2010-12-30 23:40:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYK2168.html [2010-12-30 08:24:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIO2196.html [2010-12-30 08:24:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCK2196.html [2010-12-29 21:38:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempcp2444.html [2010-12-28 23:47:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfr2220.html [2010-12-28 23:47:29 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCr2220.html [2010-12-28 15:34:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZs2208.html [2010-12-28 15:34:25 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempuQ2208.html [2010-12-28 12:00:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGh2488.html [2010-12-28 12:00:16 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempmx2488.html [2010-12-28 08:21:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempdG2380.html [2010-12-28 08:21:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempce2380.html [2010-12-27 23:43:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkq1864.html [2010-12-27 23:00:34 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphf1904.html [2010-12-27 19:21:10 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temppb2760.html [2010-12-27 17:35:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempcH2312.html [2010-12-27 11:59:39 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempdg2176.html [2010-12-27 11:59:39 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempql2176.html [2010-12-27 10:07:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempcB2192.html [2010-12-27 00:02:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDA2268.html [2010-12-26 22:27:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDg2568.html [2010-12-26 08:29:28 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempeD2868.html [2010-12-25 22:59:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempvj2020.html [2010-12-25 17:09:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjn3632.html [2010-12-25 17:09:17 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempUy3632.html [2010-12-25 14:26:54 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIc2512.html [2010-12-25 12:55:49 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFi4072.html [2010-12-25 12:55:49 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGS4072.html [2010-12-25 12:16:10 | 000,006,341 | ---- | M] () -- C:\Users\User\Documents\Mój film.wlmp [2010-12-25 12:15:58 | 036,631,171 | ---- | M] () -- C:\Users\User\Desktop\Mój film.wmv [2010-12-25 11:36:44 | 000,000,020 | ---- | M] () -- C:\Windows\„ö› [2010-12-25 11:32:55 | 000,004,309 | -H-- | M] () -- C:\Users\User\Documents\21_Going Wrong (Acoustic Version).mp3.jpg [2010-12-25 11:32:45 | 000,004,309 | -H-- | M] () -- C:\Users\User\Documents\07_Going Wrong (Original Mix).mp3.jpg [2010-12-25 11:32:44 | 000,009,554 | -H-- | M] () -- C:\Users\User\Documents\06 gorillaz - feel good inc.[www.mixermusic.net].mp3.jpg [2010-12-25 11:32:43 | 000,009,554 | -H-- | M] () -- C:\Users\User\Documents\05 gorillaz - dirty harry.[www.mixermusic.net].mp3.jpg [2010-12-25 11:17:47 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGp2440.html [2010-12-25 01:38:42 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFY3428.html [2010-12-24 23:12:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temprd1456.html [2010-12-24 22:17:04 | 000,056,655 | ---- | M] () -- C:\Users\User\Documents\090403_105719.jpg [2010-12-24 22:15:34 | 000,046,014 | ---- | M] () -- C:\Users\User\Documents\090403_105815.jpg [2010-12-24 22:14:03 | 000,069,861 | ---- | M] () -- C:\Users\User\Documents\090403_105656.jpg [2010-12-24 12:45:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempjJ3728.html [2010-12-24 08:38:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempuO2136.html [2010-12-24 00:21:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempwmt532.html [2010-12-23 21:44:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Templa2508.html [2010-12-23 19:50:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempbO2284.html [2010-12-23 19:50:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempIc2284.html [2010-12-23 15:05:40 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUF2256.html [2010-12-23 15:05:40 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGD2256.html [2010-12-23 11:48:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempOG1824.html [2010-12-23 11:48:11 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempoF1824.html [2010-12-23 10:19:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempxM2248.html [2010-12-22 23:46:01 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempyI2248.html [2010-12-22 16:04:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLm3300.html [2010-12-22 08:23:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempfZ2124.html [2010-12-22 08:23:23 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempYJ2124.html [2010-12-21 22:41:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempnu2120.html [2010-12-21 22:28:32 | 000,000,971 | ---- | M] () -- C:\Users\User\Desktop\SpeedFan.lnk [2010-12-21 22:28:31 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2010-12-21 22:28:30 | 000,000,000 | ---- | M] () -- C:\Users\User\Desktop\initdebug.nfo [2010-12-21 22:15:33 | 000,001,078 | ---- | M] () -- C:\Users\User\Desktop\EVEREST Home Edition.lnk [2010-12-21 21:04:32 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect.lnk [2010-12-20 22:05:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkn1228.html [2010-12-20 17:46:47 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempsg1968.html [2010-12-20 16:55:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXD2288.html [2010-12-20 15:20:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAx1812.html [2010-12-20 06:34:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempaS3044.html [2010-12-20 06:08:02 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempHW2296.html [2010-12-19 22:22:02 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempgr3520.html [2010-12-19 21:15:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptD3932.html [2010-12-19 20:52:05 | 000,001,008 | ---- | M] () -- C:\Users\User\Desktop\Virtual DJ Home.lnk [2010-12-19 08:22:01 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZy2624.html [2010-12-18 23:57:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempqR2732.html [2010-12-18 22:25:06 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmD2868.html [2010-12-18 17:08:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKR2480.html [2010-12-18 17:08:11 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempSM2480.html [2010-12-17 23:48:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempky2072.html [2010-12-17 15:58:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temppu2072.html [2010-12-16 22:39:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLE3968.html [2010-12-16 19:14:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempsB2552.html [2010-12-15 22:30:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCl3940.html [2010-12-15 20:47:11 | 000,000,959 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk [2010-12-15 19:35:24 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZM2112.html [2010-12-14 22:26:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWL1104.html [2010-12-14 21:08:50 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZG2328.html [2010-12-14 18:53:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSK2132.html [2010-12-14 18:53:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempPu2132.html [2010-12-14 06:48:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGZ2356.html [2010-12-14 06:48:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempnU2356.html [2010-12-13 22:10:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkp2340.html [2010-12-12 22:34:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXf2168.html [2010-12-12 20:41:32 | 000,001,203 | ---- | M] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk [2010-12-12 20:41:18 | 000,001,362 | ---- | M] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter.lnk [2010-12-11 23:39:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYp1888.html [2010-12-11 21:45:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCB2016.html [2010-12-11 20:44:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRk3264.html [2010-12-11 15:15:57 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempxn1616.html [2010-12-11 09:58:45 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempgC2392.html [2010-12-11 09:58:45 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempcE2392.html [2010-12-10 23:32:12 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempqO3492.html [2010-12-10 20:31:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFns608.html [2010-12-10 16:04:33 | 000,001,053 | ---- | M] () -- C:\Users\User\Desktop\RapidShare Manager.lnk [2010-12-10 15:50:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXO2068.html [2010-12-10 08:17:37 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJs2412.html [2010-12-10 08:17:37 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempkA2412.html [2010-12-09 21:57:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPr2416.html [2010-12-09 16:39:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIS2072.html [2010-12-09 16:39:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempKn2072.html [2010-12-09 06:19:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempBP2084.html [2010-12-09 06:19:15 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempRx2084.html [2010-12-08 22:27:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempwV3928.html [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-06 21:51:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplM2056.html [2011-02-06 21:51:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempie2056.html [2011-02-06 17:50:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiL2908.html [2011-02-06 17:50:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempgQ2908.html [2011-02-06 17:33:12 | 000,648,748 | ---- | C] () -- C:\Users\User\Documents\BioWare.rar [2011-02-06 17:33:02 | 000,000,020 | ---- | C] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar [2011-02-06 17:10:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSi3592.html [2011-02-06 17:10:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWf3592.html [2011-02-06 17:06:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQg3020.html [2011-02-06 17:06:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfj3020.html [2011-02-06 16:59:54 | 000,171,180 | ---- | C] () -- C:\Users\User\Desktop\OTL.exe [2011-02-06 16:54:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWm3172.html [2011-02-06 16:54:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyt3172.html [2011-02-06 16:34:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvo3152.html [2011-02-06 16:34:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptN3152.html [2011-02-06 16:27:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjx2624.html [2011-02-06 16:27:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempZf2624.html [2011-02-06 16:24:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprN3092.html [2011-02-06 16:24:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLb3092.html [2011-02-06 16:16:59 | 004,352,601 | ---- | C] () -- C:\Users\User\Desktop\sieci.rar [2011-02-06 13:07:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJl4596.html [2011-02-06 13:07:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLi4596.html [2011-02-06 11:47:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLa4724.html [2011-02-05 22:57:52 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011-02-05 22:52:59 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-02-05 22:52:57 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-02-05 20:46:57 | 000,049,233 | ---- | C] () -- C:\Windows\System32\fat32format.exe [2011-02-05 11:43:57 | 000,247,612 | ---- | C] () -- C:\Users\User\Desktop\Sony-Playstation.ico [2011-02-05 07:51:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPO2384.html [2011-02-04 13:49:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE3028.html [2011-02-04 10:13:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeV2064.html [2011-02-04 09:16:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptE2204.html [2011-02-03 21:53:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyb3056.html [2011-02-03 21:53:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempbU3056.html [2011-02-03 21:01:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnR2680.html [2011-02-03 21:01:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNF2680.html [2011-02-03 16:39:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplW3312.html [2011-02-03 16:39:56 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempyR3312.html [2011-01-31 07:35:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqb2992.html [2011-01-31 00:22:46 | 000,057,476 | ---- | C] () -- C:\Users\User\Desktop\ddd33.png [2011-01-30 22:18:16 | 000,085,693 | ---- | C] () -- C:\Users\User\Desktop\pulpfiction.png [2011-01-30 22:02:31 | 000,000,951 | ---- | C] () -- C:\Users\User\Desktop\NapiProjekt.lnk [2011-01-30 19:20:27 | 000,416,508 | ---- | C] () -- C:\Users\User\Desktop\friday_gif_collection_10.gif [2011-01-30 16:12:20 | 023,345,299 | ---- | C] () -- C:\Users\User\Desktop\tapeta.psd [2011-01-30 15:52:20 | 001,463,320 | ---- | C] () -- C:\Users\User\Desktop\Untitled-3.jpg [2011-01-30 15:48:14 | 000,000,122 | ---- | C] () -- C:\Users\User\Desktop\3-2-45-1-569179-1-4ACE99-DDEE1E-DDEE1E-DDEE1E-DDEE1E-B3F1D5-78D316-78D316-78D316-78D316-yes-yes-yes-yes-yes-.png [2011-01-30 15:40:54 | 000,080,744 | ---- | C] () -- C:\Users\User\Desktop\PlayStation_1_Logo.png [2011-01-30 15:34:42 | 001,347,382 | ---- | C] () -- C:\Users\User\Desktop\Crysis2.png [2011-01-30 15:33:02 | 001,016,441 | ---- | C] () -- C:\Users\User\Desktop\Crysis render 1 .png [2011-01-30 15:31:13 | 001,381,719 | ---- | C] () -- C:\Users\User\Desktop\Crysis_Render~0.png [2011-01-30 12:10:44 | 000,056,680 | ---- | C] () -- C:\Users\User\Desktop\ddd.png [2011-01-30 12:02:27 | 002,256,246 | ---- | C] () -- C:\Users\User\Desktop\ddd.psd [2011-01-30 11:14:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUQ2288.html [2011-01-29 23:23:53 | 000,055,716 | ---- | C] () -- C:\Users\User\Desktop\dddd.png [2011-01-29 23:14:15 | 000,166,821 | ---- | C] () -- C:\Users\User\Desktop\Assassinscreed1.png [2011-01-29 23:10:27 | 000,686,644 | ---- | C] () -- C:\Users\User\Desktop\Dead_Space_2_Render.png [2011-01-29 23:09:05 | 000,085,871 | ---- | C] () -- C:\Users\User\Desktop\normal_Bioshock_2.png [2011-01-29 23:07:31 | 000,044,328 | ---- | C] () -- C:\Users\User\Desktop\normal_thro_dv_render.png [2011-01-29 16:29:08 | 000,067,741 | ---- | C] () -- C:\Users\User\Desktop\trondp.jpg [2011-01-29 15:33:29 | 005,392,880 | ---- | C] () -- C:\Users\User\Desktop\trondp.psd [2011-01-29 09:19:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphh2692.html [2011-01-28 22:01:17 | 000,067,100 | ---- | C] () -- C:\Users\User\Desktop\logo.png [2011-01-28 21:59:51 | 000,230,635 | ---- | C] () -- C:\Users\User\Desktop\20091226100915!Normandy_Render.png [2011-01-28 13:20:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempef2348.html [2011-01-27 15:52:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAH4004.html [2011-01-27 15:50:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqg2640.html [2011-01-27 15:50:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcn2640.html [2011-01-26 15:51:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzy1656.html [2011-01-25 15:20:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmGK588.html [2011-01-25 13:43:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXm2468.html [2011-01-24 20:46:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppX2696.html [2011-01-24 18:05:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRE4060.html [2011-01-24 14:13:50 | 000,041,916 | ---- | C] () -- C:\Users\User\Desktop\pko_trans_details_110124_141346.pdf [2011-01-24 09:21:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVK3644.html [2011-01-23 21:16:20 | 000,001,010 | ---- | C] () -- C:\Users\User\Desktop\DSJ4.lnk [2011-01-23 17:46:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyp3784.html [2011-01-23 15:47:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxp1604.html [2011-01-23 11:04:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZQ2600.html [2011-01-23 09:26:36 | 178,890,320 | ---- | C] () -- C:\Users\User\Desktop\PS3UPDAT.PUP [2011-01-23 08:45:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprU2260.html [2011-01-22 21:35:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOU4048.html [2011-01-22 19:11:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZd3672.html [2011-01-22 08:21:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQa516.html [2011-01-21 17:38:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe2200.html [2011-01-21 11:39:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFd3292.html [2011-01-21 09:31:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprD2416.html [2011-01-20 22:34:51 | 000,879,402 | ---- | C] () -- C:\Users\User\Desktop\sieci.zip [2011-01-20 20:45:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYz2400.html [2011-01-20 20:45:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temphk2400.html [2011-01-19 18:58:33 | 009,435,984 | ---- | C] () -- C:\Users\User\Desktop\UP0001-BLES00896_00-0000000000000000.pkg [2011-01-19 18:01:28 | 007,799,392 | ---- | C] () -- C:\Users\User\Desktop\UP0001-BLES00952_00-0000111122223333.pkg [2011-01-19 17:57:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWl3960.html [2011-01-19 15:39:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoF2476.html [2011-01-18 16:06:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprP3132.html [2011-01-18 06:06:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAM2512.html [2011-01-18 06:06:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEY2512.html [2011-01-17 19:40:23 | 003,330,304 | ---- | C] () -- C:\Users\User\Desktop\BLUS30566V100.pkg [2011-01-17 19:31:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYa2168.html [2011-01-17 12:34:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAg2464.html [2011-01-17 12:34:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfE2464.html [2011-01-16 18:52:44 | 013,335,424 | ---- | C] () -- C:\Users\User\Desktop\EBOOT.BIN [2011-01-16 18:00:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjx2292.html [2011-01-16 17:52:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPl4164.html [2011-01-16 17:52:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXg4164.html [2011-01-16 17:08:55 | 003,120,012 | ---- | C] () -- C:\Users\User\Documents\Nowy folder.rar [2011-01-16 15:53:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempas2664.html [2011-01-16 07:52:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphl2204.html [2011-01-15 22:25:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgB2108.html [2011-01-15 22:25:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLc2108.html [2011-01-15 09:36:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAO2632.html [2011-01-14 22:30:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBP2604.html [2011-01-14 22:02:28 | 000,055,626 | ---- | C] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg [2011-01-14 16:04:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptA3752.html [2011-01-14 15:12:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsN2728.html [2011-01-13 19:17:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYo2256.html [2011-01-12 19:21:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUH3092.html [2011-01-12 17:48:18 | 000,103,345 | ---- | C] () -- C:\Users\User\Desktop\Untitled-2.gif [2011-01-12 14:42:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templr2400.html [2011-01-12 08:16:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwb2572.html [2011-01-12 08:16:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkZ2572.html [2011-01-11 18:43:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTR3004.html [2011-01-11 18:43:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMH3004.html [2011-01-11 16:37:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTk2340.html [2011-01-11 16:07:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKx2340.html [2011-01-11 06:43:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRp2428.html [2011-01-11 06:43:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGJ2428.html [2011-01-10 14:49:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempto3188.html [2011-01-09 12:13:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCZ2452.html [2011-01-08 13:18:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJm2492.html [2011-01-07 22:09:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbW3240.html [2011-01-07 15:50:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmR2188.html [2011-01-07 07:58:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoW2396.html [2011-01-07 07:58:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCd2396.html [2011-01-06 13:20:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWST992.html [2011-01-06 13:20:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYZb992.html [2011-01-05 15:00:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdU2520.html [2011-01-05 08:30:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUE2660.html [2011-01-05 08:30:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempaE2660.html [2011-01-04 20:22:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLx2092.html [2011-01-04 19:23:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempts2884.html [2011-01-04 17:30:03 | 061,002,212 | ---- | C] () -- C:\Users\User\Documents\0UpAB12_t34.rar [2011-01-04 16:12:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxB2144.html [2011-01-04 06:07:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfm2460.html [2011-01-04 06:07:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnJ2460.html [2011-01-03 21:48:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZp3276.html [2011-01-03 15:20:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSL2660.html [2011-01-02 16:40:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUg2104.html [2011-01-02 12:29:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMh2928.html [2011-01-01 11:21:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDU3268.html [2011-01-01 11:21:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsf3268.html [2011-01-01 00:37:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKE3456.html [2011-01-01 00:37:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaw3456.html [2010-12-30 12:57:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYK2168.html [2010-12-30 08:10:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIO2196.html [2010-12-30 08:10:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCK2196.html [2010-12-29 10:37:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcp2444.html [2010-12-28 15:34:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfr2220.html [2010-12-28 15:34:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCr2220.html [2010-12-28 15:33:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZs2208.html [2010-12-28 15:33:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempuQ2208.html [2010-12-28 11:20:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGh2488.html [2010-12-28 11:20:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmx2488.html [2010-12-28 08:02:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdG2380.html [2010-12-28 08:02:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempce2380.html [2010-12-27 23:36:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkq1864.html [2010-12-27 20:33:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphf1904.html [2010-12-27 17:49:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppb2760.html [2010-12-27 14:44:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcH2312.html [2010-12-27 11:50:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg2176.html [2010-12-27 11:50:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempql2176.html [2010-12-27 08:23:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcB2192.html [2010-12-26 23:35:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDA2268.html [2010-12-26 11:31:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDg2568.html [2010-12-26 08:11:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeD2868.html [2010-12-25 18:02:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvj2020.html [2010-12-25 14:55:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjn3632.html [2010-12-25 14:55:09 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUy3632.html [2010-12-25 14:11:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIc2512.html [2010-12-25 12:46:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFi4072.html [2010-12-25 12:46:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGS4072.html [2010-12-25 12:16:10 | 000,006,341 | ---- | C] () -- C:\Users\User\Documents\Mój film.wlmp [2010-12-25 12:13:08 | 036,631,171 | ---- | C] () -- C:\Users\User\Desktop\Mój film.wmv [2010-12-25 11:41:16 | 000,001,261 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2010-12-25 11:38:25 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2010-12-25 11:36:44 | 000,000,020 | ---- | C] () -- C:\Windows\„ö› [2010-12-25 11:32:55 | 000,004,309 | -H-- | C] () -- C:\Users\User\Documents\21_Going Wrong (Acoustic Version).mp3.jpg [2010-12-25 11:32:45 | 000,004,309 | -H-- | C] () -- C:\Users\User\Documents\07_Going Wrong (Original Mix).mp3.jpg [2010-12-25 11:32:44 | 000,009,554 | -H-- | C] () -- C:\Users\User\Documents\06 gorillaz - feel good inc.[www.mixermusic.net].mp3.jpg [2010-12-25 11:32:43 | 000,009,554 | -H-- | C] () -- C:\Users\User\Documents\05 gorillaz - dirty harry.[www.mixermusic.net].mp3.jpg [2010-12-25 11:05:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGp2440.html [2010-12-25 01:27:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFY3428.html [2010-12-24 22:16:49 | 000,056,655 | ---- | C] () -- C:\Users\User\Documents\090403_105719.jpg [2010-12-24 22:15:20 | 000,046,014 | ---- | C] () -- C:\Users\User\Documents\090403_105815.jpg [2010-12-24 22:13:49 | 000,069,861 | ---- | C] () -- C:\Users\User\Documents\090403_105656.jpg [2010-12-24 14:41:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprd1456.html [2010-12-24 11:54:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjJ3728.html [2010-12-24 08:29:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuO2136.html [2010-12-23 21:49:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwmt532.html [2010-12-23 20:29:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templa2508.html [2010-12-23 19:03:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbO2284.html [2010-12-23 19:03:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIc2284.html [2010-12-23 15:05:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUF2256.html [2010-12-23 15:05:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGD2256.html [2010-12-23 11:17:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOG1824.html [2010-12-23 11:17:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempoF1824.html [2010-12-23 10:00:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxM2248.html [2010-12-22 19:10:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempyI2248.html [2010-12-22 14:54:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm3300.html [2010-12-22 07:57:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfZ2124.html [2010-12-22 07:57:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYJ2124.html [2010-12-21 22:28:32 | 000,000,971 | ---- | C] () -- C:\Users\User\Desktop\SpeedFan.lnk [2010-12-21 22:28:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2010-12-21 22:28:30 | 000,000,000 | ---- | C] () -- C:\Users\User\Desktop\initdebug.nfo [2010-12-21 22:15:33 | 000,001,078 | ---- | C] () -- C:\Users\User\Desktop\EVEREST Home Edition.lnk [2010-12-21 21:04:32 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect.lnk [2010-12-21 15:58:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnu2120.html [2010-12-20 18:16:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkn1228.html [2010-12-20 17:09:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsg1968.html [2010-12-20 15:37:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXD2288.html [2010-12-20 15:01:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAx1812.html [2010-12-20 06:33:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaS3044.html [2010-12-20 06:06:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHW2296.html [2010-12-19 21:28:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgr3520.html [2010-12-19 20:52:05 | 000,001,008 | ---- | C] () -- C:\Users\User\Desktop\Virtual DJ Home.lnk [2010-12-19 08:51:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptD3932.html [2010-12-19 07:55:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZy2624.html [2010-12-18 23:54:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqR2732.html [2010-12-18 17:15:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmD2868.html [2010-12-18 08:24:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKR2480.html [2010-12-18 08:24:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSM2480.html [2010-12-17 15:58:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempky2072.html [2010-12-17 15:53:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppu2072.html [2010-12-16 20:27:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLE3968.html [2010-12-16 15:54:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsB2552.html [2010-12-15 20:47:11 | 000,000,959 | ---- | C] () -- C:\Users\User\Desktop\Cheat Engine.lnk [2010-12-15 20:47:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010-12-15 20:26:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCl3940.html [2010-12-15 14:50:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZM2112.html [2010-12-14 21:31:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWL1104.html [2010-12-14 20:44:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZG2328.html [2010-12-14 15:57:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSK2132.html [2010-12-14 15:57:42 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPu2132.html [2010-12-14 06:12:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGZ2356.html [2010-12-14 06:12:16 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnU2356.html [2010-12-13 16:34:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkp2340.html [2010-12-12 20:41:26 | 000,001,203 | ---- | C] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk [2010-12-12 20:41:18 | 000,001,362 | ---- | C] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter.lnk [2010-12-12 09:13:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXf2168.html [2010-12-11 22:21:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYp1888.html [2010-12-11 21:44:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCB2016.html [2010-12-11 15:29:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRk3264.html [2010-12-11 14:48:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxn1616.html [2010-12-11 09:16:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgC2392.html [2010-12-11 09:16:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempcE2392.html [2010-12-10 22:21:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqO3492.html [2010-12-10 15:56:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFns608.html [2010-12-10 13:45:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXO2068.html [2010-12-10 08:09:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJs2412.html [2010-12-10 08:09:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkA2412.html [2010-12-09 18:31:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPr2416.html [2010-12-09 15:55:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS2072.html [2010-12-09 15:55:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKn2072.html [2010-12-09 06:11:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBP2084.html [2010-12-09 06:11:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRx2084.html [2010-12-08 20:17:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempwV3928.html [2010-12-08 19:09:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg2320.html [2010-12-08 14:59:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeg2364.html [2010-12-08 14:59:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAN2364.html [2010-12-08 07:43:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAp2368.html [2010-12-08 07:43:19 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMJ2368.html [2010-12-07 19:55:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLf2984.html [2010-12-07 19:11:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvl2228.html [2010-12-06 21:42:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQh2304.html [2010-12-06 21:08:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeP2960.html [2010-12-06 21:08:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempur2960.html [2010-12-06 16:26:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbs2500.html [2010-12-06 06:06:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcF2408.html [2010-12-05 19:24:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMS1804.html [2010-12-05 16:36:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMG4028.html [2010-12-05 14:33:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOr2136.html [2010-12-05 11:20:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJd2872.html [2010-12-05 09:33:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprX3016.html [2010-12-05 08:18:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvg2280.html [2010-12-04 22:08:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTH2364.html [2010-12-04 21:09:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnx2092.html [2010-12-04 11:30:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEZ2320.html [2010-12-04 09:25:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUQ3356.html [2010-12-04 09:25:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphK3356.html [2010-12-04 07:37:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTj2328.html [2010-12-03 16:21:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKX2132.html [2010-12-02 20:13:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWS3356.html [2010-12-02 17:37:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPPH996.html [2010-12-02 16:24:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDR2296.html [2010-12-01 22:56:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqO2140.html [2010-12-01 19:48:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprj1088.html [2010-12-01 17:24:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsL3868.html [2010-12-01 16:06:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcf1616.html [2010-12-01 13:55:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempce2228.html [2010-11-30 20:43:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXT3376.html [2010-11-30 19:03:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGi2284.html [2010-11-30 15:52:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSF2212.html [2010-11-30 15:52:57 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfF2212.html [2010-11-30 06:04:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwv2268.html [2010-11-30 06:04:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwl2268.html [2010-11-29 21:54:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVm2080.html [2010-11-29 21:18:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKH3420.html [2010-11-29 19:18:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxz1880.html [2010-11-29 17:46:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm1208.html [2010-11-29 16:51:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLq2300.html [2010-11-29 06:06:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCo2968.html [2010-11-29 06:06:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWc2968.html [2010-11-28 21:22:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiD2736.html [2010-11-28 19:42:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCC3008.html [2010-11-28 19:03:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDp3528.html [2010-11-28 15:20:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkx2092.html [2010-11-28 13:49:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJp2064.html [2010-11-28 10:06:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEr1592.html [2010-11-28 08:52:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAw2076.html [2010-11-27 20:44:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuD2408.html [2010-11-27 16:39:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPU2060.html [2010-11-27 10:36:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHM3840.html [2010-11-27 10:36:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempmL3840.html [2010-11-27 09:23:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzz2596.html [2010-11-27 08:26:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPt2812.html [2010-11-26 21:08:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSN1560.html [2010-11-26 18:50:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvB3064.html [2010-11-26 16:18:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGr2548.html [2010-11-26 08:36:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempie2268.html [2010-11-26 08:36:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempab2268.html [2010-11-25 22:35:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempes2632.html [2010-11-25 20:17:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEk3428.html [2010-11-25 18:27:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppA2972.html [2010-11-25 17:33:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTF2972.html [2010-11-25 15:40:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprs1464.html [2010-11-25 15:04:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcz3872.html [2010-11-25 14:46:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTh2392.html [2010-11-24 19:21:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYN3964.html [2010-11-24 14:50:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXj2816.html [2010-11-24 07:50:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWa3084.html [2010-11-24 07:50:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBF3084.html [2010-11-23 19:28:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXH1264.html [2010-11-23 16:08:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnJ1104.html [2010-11-23 15:52:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS2292.html [2010-11-23 15:52:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdH2292.html [2010-11-23 08:18:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppkz352.html [2010-11-23 08:18:28 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAXP352.html [2010-11-22 21:13:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGT1980.html [2010-11-22 16:46:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoY2412.html [2010-11-22 06:13:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDJ2324.html [2010-11-21 20:58:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGJ2172.html [2010-11-21 20:58:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKf2172.html [2010-11-21 19:54:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUk2956.html [2010-11-21 19:21:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvt2604.html [2010-11-21 17:16:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCH3136.html [2010-11-21 16:21:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWPC608.html [2010-11-21 10:04:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempge3468.html [2010-11-21 10:04:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJM3468.html [2010-11-21 09:10:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBp3132.html [2010-11-20 22:28:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaN2124.html [2010-11-20 22:28:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDk2124.html [2010-11-20 21:49:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAQ2696.html [2010-11-20 20:39:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeb3144.html [2010-11-20 19:54:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPo2732.html [2010-11-20 19:54:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempoM2732.html [2010-11-20 09:27:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplT3048.html [2010-11-20 09:27:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNC3048.html [2010-11-19 18:33:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgp3680.html [2010-11-18 23:01:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplP3012.html [2010-11-18 19:34:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvm3924.html [2010-11-18 07:22:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLx2620.html [2010-11-18 07:22:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2620.html [2010-11-17 18:54:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJM1888.html [2010-11-17 17:55:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQr2004.html [2010-11-17 16:02:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNG1896.html [2010-11-16 16:13:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuq2692.html [2010-11-16 06:12:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplU3852.html [2010-11-15 21:53:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphS1176.html [2010-11-15 19:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIV2920.html [2010-11-15 19:22:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXq3632.html [2010-11-15 19:22:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCn3632.html [2010-11-15 15:22:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphl2644.html [2010-11-15 06:11:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKv3456.html [2010-11-15 06:11:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAs3456.html [2010-11-14 21:20:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTS2724.html [2010-11-14 20:33:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwt3184.html [2010-11-14 18:10:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjN2948.html [2010-11-14 16:56:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYb2760.html [2010-11-14 14:05:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRz3908.html [2010-11-14 11:26:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaH3768.html [2010-11-14 11:26:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJL3768.html [2010-11-14 11:24:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBl1172.html [2010-11-14 11:24:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMy1172.html [2010-11-14 09:26:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfn3740.html [2010-11-13 21:17:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqu1492.html [2010-11-13 17:55:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRw2984.html [2010-11-13 17:51:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuJ3072.html [2010-11-13 10:23:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfy2660.html [2010-11-12 16:06:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzr2984.html [2010-11-12 16:06:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphU2984.html [2010-11-12 07:37:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHr2084.html [2010-11-12 07:37:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppS2084.html [2010-11-11 22:22:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templv2040.html [2010-11-11 18:58:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMoN968.html [2010-11-11 18:16:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDl2032.html [2010-11-11 08:58:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvd2704.html [2010-11-10 22:02:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTw3392.html [2010-11-10 14:48:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzR2676.html [2010-11-10 07:38:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBs2592.html [2010-11-10 07:38:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJR2592.html [2010-11-09 21:07:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjfp584.html [2010-11-09 15:53:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyv2744.html [2010-11-09 06:07:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTg2624.html [2010-11-09 06:07:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAo2624.html [2010-11-08 15:33:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTG2024.html [2010-11-08 15:33:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBn2024.html [2010-11-08 12:38:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoA3272.html [2010-11-08 06:08:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKP3228.html [2010-11-08 06:08:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDX3228.html [2010-11-07 20:31:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPG2960.html [2010-11-07 11:18:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprt1132.html [2010-11-07 08:49:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKah700.html [2010-11-06 13:23:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWh2664.html [2010-11-06 09:48:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNMS792.html [2010-11-05 22:03:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgE3252.html [2010-11-05 17:22:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRQ2716.html [2010-11-05 16:27:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCF2616.html [2010-11-05 08:05:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKt3268.html [2010-11-05 08:05:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTz3268.html [2010-11-04 16:06:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqM2908.html [2010-11-04 06:08:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAY3212.html [2010-11-04 06:08:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuu3212.html [2010-11-03 15:07:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFx2644.html [2010-11-03 07:23:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppw2028.html [2010-11-02 14:55:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsR2456.html [2010-11-02 08:27:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwn3124.html [2010-11-02 08:27:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcj3124.html [2010-11-01 22:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempno3028.html [2010-11-01 13:26:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEg2248.html [2010-11-01 08:59:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempoi3104.html [2010-10-31 08:35:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkk2432.html [2010-10-30 09:03:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDq2432.html [2010-10-30 09:03:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeq2432.html [2010-10-30 07:54:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFD3268.html [2010-10-30 07:54:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempos3268.html [2010-10-29 23:04:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoW3592.html [2010-10-29 23:04:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDd3592.html [2010-10-29 14:55:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOY1924.html [2010-10-29 06:38:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppk3096.html [2010-10-29 06:38:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQt3096.html [2010-10-28 15:07:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDS2972.html [2010-10-28 05:04:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsr2884.html [2010-10-28 05:04:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempul2884.html [2010-10-27 19:14:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQr1736.html [2010-10-27 14:24:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxU2744.html [2010-10-27 06:30:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempID1588.html [2010-10-27 06:30:17 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempym1588.html [2010-10-26 14:15:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTt2624.html [2010-10-26 14:15:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJS2624.html [2010-10-26 05:05:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempoc2808.html [2010-10-25 05:58:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXH2512.html [2010-10-25 05:58:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzc2512.html [2010-10-24 07:38:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGl2372.html [2010-10-23 20:42:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTV2408.html [2010-10-23 08:44:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEy2268.html [2010-10-23 08:44:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDI2268.html [2010-10-22 18:15:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDu2312.html [2010-10-22 18:15:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVv2312.html [2010-10-22 06:29:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempil2280.html [2010-10-22 06:29:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwU2280.html [2010-10-21 19:41:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQu2368.html [2010-10-21 19:41:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemprQ2368.html [2010-10-21 05:04:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjt2692.html [2010-10-21 05:04:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempno2692.html [2010-10-20 12:57:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYB2240.html [2010-10-20 06:36:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempyD2424.html [2010-10-20 06:36:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQz2424.html [2010-10-19 17:37:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmZ2516.html [2010-10-19 15:15:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyc1176.html [2010-10-19 15:15:47 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBf1176.html [2010-10-19 05:06:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkj1188.html [2010-10-19 05:06:19 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSF1188.html [2010-10-18 19:43:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAX2556.html [2010-10-18 17:05:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDrW628.html [2010-10-18 05:06:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIB2340.html [2010-10-17 17:36:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiM2260.html [2010-10-17 17:36:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPY2260.html [2010-10-17 10:11:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHN2796.html [2010-10-17 10:11:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkD2796.html [2010-10-16 16:12:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJI2032.html [2010-10-16 12:37:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvu3112.html [2010-10-16 12:37:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWZ3112.html [2010-10-16 08:31:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXh2480.html [2010-10-16 08:31:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphM2480.html [2010-10-15 14:55:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTs2532.html [2010-10-15 06:32:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppK2660.html [2010-10-15 06:32:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphD2660.html [2010-10-14 17:10:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuRz648.html [2010-10-14 17:10:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBqG648.html [2010-10-14 13:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprE2180.html [2010-10-14 07:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzh2208.html [2010-10-14 07:41:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Templw2208.html [2010-10-13 22:27:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxP2440.html [2010-10-13 06:28:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGN2256.html [2010-10-13 06:28:02 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKj2256.html [2010-10-12 20:05:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgc2512.html [2010-10-12 20:05:42 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempik2512.html [2010-10-12 17:31:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempovi540.html [2010-10-12 17:31:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempabs540.html [2010-10-12 14:59:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsk2612.html [2010-10-12 14:59:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDS2612.html [2010-10-11 18:58:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzK2232.html [2010-10-11 18:58:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnM2232.html [2010-10-11 13:41:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNN2328.html [2010-10-11 13:41:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfy2328.html [2010-10-10 07:24:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAs2536.html [2010-10-09 07:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempam2332.html [2010-10-08 14:38:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphX4076.html [2010-10-08 06:59:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcV2200.html [2010-10-08 06:59:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJG2200.html [2010-10-07 05:04:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCQ2684.html [2010-10-07 05:04:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiX2684.html [2010-10-05 17:56:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprH1196.html [2010-10-04 13:56:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHz2212.html [2010-10-03 17:53:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNA3552.html [2010-10-03 07:54:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptk2324.html [2010-10-02 22:29:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAJ3384.html [2010-10-02 08:34:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbF2448.html [2010-10-01 15:13:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqs2280.html [2010-09-30 17:37:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUV3348.html [2010-09-30 17:37:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphP3348.html [2010-09-29 16:04:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgd3092.html [2010-09-29 06:49:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkL3536.html [2010-09-28 17:31:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQP2264.html [2010-09-28 05:05:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzb2772.html [2010-09-28 05:05:56 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVb2772.html [2010-09-27 13:50:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJl2644.html [2010-09-27 13:50:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempOd2644.html [2010-09-27 05:04:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempra2492.html [2010-09-27 05:04:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLg2492.html [2010-09-26 17:27:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWq3836.html [2010-09-26 06:54:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHA2212.html [2010-09-25 20:00:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqPN888.html [2010-09-25 17:22:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxg2692.html [2010-09-25 11:02:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnH3640.html [2010-09-25 07:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbf3404.html [2010-09-24 21:58:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempca2212.html [2010-09-24 15:09:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaJ2492.html [2010-09-24 06:29:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLg2700.html [2010-09-23 15:12:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjv2276.html [2010-09-22 06:34:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfO3324.html [2010-09-21 14:50:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEp2000.html [2010-09-21 05:06:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTd2832.html [2010-09-21 05:06:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMQ2832.html [2010-09-20 05:06:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvs3128.html [2010-09-20 05:06:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHV3128.html [2010-09-19 09:44:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzv2548.html [2010-09-19 09:44:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdN2548.html [2010-09-19 05:33:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNS2296.html [2010-09-19 05:33:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUO2296.html [2010-09-18 22:01:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZu2248.html [2010-09-18 11:37:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDs3804.html [2010-09-18 08:15:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDt2732.html [2010-09-17 14:54:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmT2248.html [2010-09-17 14:54:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKp2248.html [2010-09-17 06:30:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKK2552.html [2010-09-17 06:30:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHT2552.html [2010-09-16 14:57:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprh2592.html [2010-09-16 14:57:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgz2592.html [2010-09-16 05:07:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUh3128.html [2010-09-16 05:07:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnI3128.html [2010-09-15 19:34:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwc2780.html [2010-09-15 19:34:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGB2780.html [2010-09-15 13:11:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXd2376.html [2010-09-15 06:56:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEG3448.html [2010-09-15 06:56:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCe3448.html [2010-09-14 19:27:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfl3536.html [2010-09-14 19:27:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDG3536.html [2010-09-14 18:00:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiO2088.html [2010-09-14 15:24:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMG2248.html [2010-09-14 05:08:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVi2824.html [2010-09-14 05:08:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQO2824.html [2010-09-13 19:15:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE3312.html [2010-09-13 19:15:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgj3312.html [2010-09-13 14:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnH2052.html [2010-09-13 05:45:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvY2752.html [2010-09-13 05:45:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKQ2752.html [2010-09-12 07:49:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKc2540.html [2010-09-11 21:56:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempve1356.html [2010-09-11 21:56:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxx1356.html [2010-09-11 07:36:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzC2156.html [2010-09-10 13:07:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkK2216.html [2010-09-10 06:37:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2688.html [2010-09-10 06:37:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPd2688.html [2010-09-09 05:13:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnU2648.html [2010-09-09 05:13:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqb2648.html [2010-09-08 15:47:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxm2768.html [2010-09-08 15:47:02 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXB2768.html [2010-09-07 15:11:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempow2208.html [2010-09-07 15:11:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCG2208.html [2010-09-06 14:08:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHF2176.html [2010-09-06 14:08:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSq2176.html [2010-09-05 14:11:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphe1328.html [2010-09-05 08:35:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWJ2136.html [2010-09-05 08:35:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempbS2136.html [2010-09-04 14:48:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempih1228.html [2010-09-04 14:48:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temprg1228.html [2010-09-04 13:32:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2010-09-04 12:56:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempor2348.html [2010-09-04 10:04:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templb2332.html [2010-09-04 10:04:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj2332.html [2010-09-01 07:49:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjL2228.html [2010-09-01 07:49:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIG2228.html [2010-08-31 17:25:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiu2148.html [2010-08-31 17:25:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXp2148.html [2010-08-30 20:24:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRO2860.html [2010-08-30 20:24:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempeL2860.html [2010-08-30 08:22:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVD2168.html [2010-08-29 22:58:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEFw312.html [2010-08-29 22:58:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQOA312.html [2010-08-29 15:06:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmz3036.html [2010-08-29 10:18:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKQ2272.html [2010-08-29 10:18:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMf2272.html [2010-08-28 17:35:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSq2804.html [2010-08-28 14:39:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBl2172.html [2010-08-27 12:20:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft3988.html [2010-08-27 07:44:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdr2192.html [2010-08-26 19:25:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuU3632.html [2010-08-24 07:05:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnx2204.html [2010-08-20 21:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzZ2624.html [2010-08-20 14:16:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprZ2408.html [2010-08-20 14:16:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEH2408.html [2010-08-20 07:32:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnI2544.html [2010-08-20 07:32:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmq2544.html [2010-08-19 20:33:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuW3492.html [2010-08-19 20:33:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSJ3492.html [2010-08-19 15:26:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempML2388.html [2010-08-19 14:44:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGW1496.html [2010-08-19 14:44:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRi1496.html [2010-08-19 10:05:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBC3908.html [2010-08-19 10:05:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGq3908.html [2010-08-19 07:41:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdkR572.html [2010-08-18 16:23:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXEa912.html [2010-08-18 16:22:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZb2920.html [2010-08-18 16:22:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkA2920.html [2010-08-18 10:37:15 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\logonInit.dll [2010-08-17 20:05:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXYN948.html [2010-08-17 20:05:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVqk948.html [2010-08-17 07:37:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempss1040.html [2010-08-16 16:26:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft2516.html [2010-08-16 16:26:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIJ2516.html [2010-08-16 15:31:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbP2104.html [2010-08-16 15:31:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIL2104.html [2010-08-16 14:32:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprR2664.html [2010-08-16 14:32:23 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiU2664.html [2010-08-16 08:10:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjL2956.html [2010-08-16 08:10:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnB2956.html [2010-08-15 14:30:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGq1384.html [2010-08-15 14:30:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe1384.html [2010-08-15 13:37:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRU2844.html [2010-08-15 13:37:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxN2844.html [2010-08-15 13:21:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiiW328.html [2010-08-14 22:28:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphk3764.html [2010-08-14 22:28:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGR3764.html [2010-08-14 08:20:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZz1632.html [2010-08-14 07:20:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPRH460.html [2010-08-14 07:20:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzzd460.html [2010-08-13 17:20:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAV2192.html [2010-08-13 17:20:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcg2192.html [2010-08-13 17:17:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnj1912.html [2010-08-13 17:17:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkI1912.html [2010-08-13 13:10:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxF2140.html [2010-08-13 13:10:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqV2140.html [2010-08-13 09:39:23 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMF2124.html [2010-08-13 09:39:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVn2124.html [2010-08-13 07:38:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVy2196.html [2010-08-13 07:38:55 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temppw2196.html [2010-08-12 20:23:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRg2164.html [2010-08-12 20:23:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDt2164.html [2010-08-12 07:40:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUX2164.html [2010-08-12 07:40:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsv2164.html [2010-08-11 07:06:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBf2176.html [2010-08-11 07:06:06 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQ2176.html [2010-08-10 07:59:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYm2116.html [2010-08-09 17:02:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempir2164.html [2010-08-09 14:45:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqh1776.html [2010-08-09 14:45:47 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptG1776.html [2010-08-09 07:39:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempto1828.html [2010-08-09 07:39:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfx1828.html [2010-08-08 19:25:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqC2120.html [2010-08-08 19:25:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUC2120.html [2010-08-08 17:24:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsx2116.html [2010-08-08 17:24:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHd2116.html [2010-08-08 15:13:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPl2228.html [2010-08-08 15:13:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLM2228.html [2010-08-08 11:17:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkh2124.html [2010-08-08 11:17:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEm2124.html [2010-08-08 10:13:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgS2088.html [2010-08-08 10:13:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzc2088.html [2010-08-07 19:06:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYe2112.html [2010-08-07 11:16:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppt2120.html [2010-08-07 11:16:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempuQ2120.html [2010-08-07 07:13:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHU2116.html [2010-08-07 07:13:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCT2116.html [2010-08-06 21:56:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempul3348.html [2010-08-06 21:38:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLO2076.html [2010-08-06 13:45:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft2104.html [2010-08-06 13:45:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUp2104.html [2010-08-06 12:49:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempap2092.html [2010-08-06 12:49:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVw2092.html [2010-08-06 12:24:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSTW672.html [2010-08-06 12:24:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDGF672.html [2010-08-06 10:51:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templa2072.html [2010-08-06 08:32:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuW2092.html [2010-08-06 08:32:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDa2092.html [2010-08-05 15:24:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCs2180.html [2010-08-05 08:49:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyw2140.html [2010-08-05 08:49:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyl2140.html [2010-08-04 13:19:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfv3540.html [2010-08-04 13:19:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEI3540.html [2010-08-04 07:28:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDH2132.html [2010-08-03 20:08:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgK2200.html [2010-08-03 20:08:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempOB2200.html [2010-08-03 16:30:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVL2112.html [2010-08-03 14:42:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfk1228.html [2010-08-03 14:42:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqE1228.html [2010-08-03 13:44:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGVE808.html [2010-08-03 13:44:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLrs808.html [2010-08-03 09:03:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvL2096.html [2010-08-03 09:03:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVB2096.html [2010-08-02 16:13:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempou3352.html [2010-08-02 11:41:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDN2104.html [2010-08-02 09:49:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplX2192.html [2010-08-02 09:49:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemplF2192.html [2010-08-02 07:09:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaT2200.html [2010-08-02 07:09:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempZG2200.html [2010-08-01 07:50:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXu2084.html [2010-08-01 07:50:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbT2084.html [2010-08-01 07:50:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppW2084.html [2010-07-31 17:52:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuB2632.html [2010-07-31 17:52:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDy2632.html [2010-07-31 17:52:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppR2632.html [2010-07-31 14:24:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcJ2188.html [2010-07-31 12:58:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzF3836.html [2010-07-31 12:58:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphh3836.html [2010-07-31 12:58:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuz3836.html [2010-07-31 12:58:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSw3836.html [2010-07-31 10:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKS3816.html [2010-07-31 10:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcp3816.html [2010-07-31 07:19:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsz2120.html [2010-07-31 07:19:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj2120.html [2010-07-30 20:04:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsMh420.html [2010-07-30 10:33:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgi2064.html [2010-07-30 10:33:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqP2064.html [2010-07-30 10:33:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXw2064.html [2010-07-30 06:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQM2156.html [2010-07-30 06:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHq2156.html [2010-07-30 06:41:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempcS2156.html [2010-07-29 21:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXb2676.html [2010-07-29 21:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRO2676.html [2010-07-29 21:45:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAl2676.html [2010-07-29 20:16:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAT2156.html [2010-07-29 20:16:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLR2156.html [2010-07-29 16:38:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVJ2956.html [2010-07-29 16:38:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTU2956.html [2010-07-29 16:38:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppE2956.html [2010-07-29 07:22:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempak1956.html [2010-07-28 15:15:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprO1780.html [2010-07-28 15:15:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOZ1780.html [2010-07-28 10:45:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUr1744.html [2010-07-28 08:08:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJqG920.html [2010-07-28 08:08:17 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfUt920.html [2010-07-28 08:08:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYNu920.html [2010-07-27 13:38:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyj3676.html [2010-07-27 13:38:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnL3676.html [2010-07-27 13:37:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqEf660.html [2010-07-27 07:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvh2184.html [2010-07-27 07:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppv2184.html [2010-07-27 07:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temptj2184.html [2010-07-27 07:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJx2184.html [2010-07-26 12:29:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCf2120.html [2010-07-26 12:29:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXu2120.html [2010-07-26 12:29:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYz2120.html [2010-07-26 07:29:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqk2120.html [2010-07-26 07:29:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXw2120.html [2010-07-26 07:29:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKs2120.html [2010-07-26 07:29:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgr2120.html [2010-07-25 17:51:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm2096.html [2010-07-25 17:51:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJE2096.html [2010-07-25 17:25:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOu2320.html [2010-07-25 17:25:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfb2320.html [2010-07-25 17:25:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWN2320.html [2010-07-25 17:25:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempge2320.html [2010-07-25 11:22:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqo2176.html [2010-07-25 11:22:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCl2176.html [2010-07-25 10:27:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbV2128.html [2010-07-25 10:27:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYn2128.html [2010-07-25 10:27:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiy2128.html [2010-07-25 07:39:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxZ2136.html [2010-07-25 07:39:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAg2136.html [2010-07-25 07:39:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCT2136.html [2010-07-24 16:46:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvO2136.html [2010-07-24 16:46:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaZ2136.html [2010-07-24 16:46:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNQ2136.html [2010-07-24 07:08:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe2124.html [2010-07-24 07:08:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMj2124.html [2010-07-23 20:14:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVQ2660.html [2010-07-23 20:14:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnd2660.html [2010-07-23 17:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsu2112.html [2010-07-23 17:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBw2112.html [2010-07-23 14:10:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLA2104.html [2010-07-23 14:10:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyd2104.html [2010-07-23 06:58:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAfP428.html [2010-07-23 06:58:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempayH428.html [2010-07-23 06:58:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcle428.html [2010-07-23 06:58:55 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppOC428.html [2010-07-22 18:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqH2220.html [2010-07-22 18:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAH2220.html [2010-07-22 12:51:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKR2168.html [2010-07-22 12:51:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdw2168.html [2010-07-22 12:51:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxa2168.html [2010-07-22 11:15:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcR1776.html [2010-07-22 11:15:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVX1776.html [2010-07-22 11:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjE1776.html [2010-07-22 11:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptP1776.html [2010-07-22 08:11:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempId2092.html [2010-07-22 08:11:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJH2092.html [2010-07-22 08:11:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFI2092.html [2010-07-22 08:11:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTS2092.html [2010-07-21 18:34:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHv2092.html [2010-07-21 18:34:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQs2092.html [2010-07-21 13:00:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHt1212.html [2010-07-21 13:00:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBs1212.html [2010-07-21 08:05:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqz1212.html [2010-07-21 08:05:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwL1212.html [2010-07-21 08:05:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS1212.html [2010-07-20 20:18:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuX2136.html [2010-07-20 20:18:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxp2136.html [2010-07-20 14:19:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppB1764.html [2010-07-20 14:19:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQA1764.html [2010-07-20 14:19:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkj1764.html [2010-07-20 08:21:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprX2072.html [2010-07-20 08:21:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQo2072.html [2010-07-19 10:24:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUw2200.html [2010-07-19 10:24:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTO2200.html [2010-07-19 10:24:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUS2200.html [2010-07-19 07:26:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZO2068.html [2010-07-19 07:26:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIw2068.html [2010-07-19 07:26:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temptq2068.html [2010-07-19 07:26:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdI2068.html [2010-07-18 22:12:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfZ2084.html [2010-07-18 22:12:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdM2084.html [2010-07-18 21:35:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsl2252.html [2010-07-18 21:35:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWw2252.html [2010-07-18 21:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRo2252.html [2010-07-18 14:59:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempze1740.html [2010-07-18 14:59:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHG1740.html [2010-07-18 14:59:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPW1740.html [2010-07-18 14:59:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHI1740.html [2010-07-18 07:23:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGS2216.html [2010-07-18 07:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVN2216.html [2010-07-17 21:28:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNm2276.html [2010-07-17 21:28:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwy2276.html [2010-07-17 21:28:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjj2276.html [2010-07-17 21:28:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQf2276.html [2010-07-17 18:11:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxj2196.html [2010-07-17 18:11:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempod2196.html [2010-07-17 18:11:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeK2196.html [2010-07-17 18:11:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLO2196.html [2010-07-17 14:29:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQP2088.html [2010-07-17 14:29:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDR2088.html [2010-07-17 14:29:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLc2088.html [2010-07-17 14:29:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaw2088.html [2010-07-17 08:03:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdc2204.html [2010-07-17 08:03:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbr2204.html [2010-07-16 18:15:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTm2172.html [2010-07-16 07:41:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeY2068.html [2010-07-16 07:41:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDJ2068.html [2010-07-16 07:41:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBz2068.html [2010-07-16 07:41:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVx2068.html [2010-07-15 20:40:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvN2168.html [2010-07-15 17:53:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2168.html [2010-07-15 12:26:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTj1348.html [2010-07-15 12:26:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm1348.html [2010-07-15 08:18:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsh2060.html [2010-07-15 08:18:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempei2060.html [2010-07-14 20:33:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKi2456.html [2010-07-14 17:53:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwa2332.html [2010-07-14 07:43:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAz2104.html [2010-07-13 17:42:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempai2064.html [2010-07-13 17:42:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxS2064.html [2010-07-13 15:29:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptd2140.html [2010-07-13 07:56:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQF2120.html [2010-07-12 11:24:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMe1288.html [2010-07-12 07:11:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAG1572.html [2010-07-11 16:10:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkZH288.html [2010-07-11 15:13:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiw1876.html [2010-07-11 15:13:06 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwE1876.html [2010-07-11 10:26:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZy2092.html [2010-07-11 10:26:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxM2092.html [2010-07-11 08:29:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmW1952.html [2010-07-11 08:29:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzd1952.html [2010-07-11 07:52:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphR2156.html [2010-07-10 22:36:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMU3508.html [2010-07-10 19:40:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWF2112.html [2010-07-10 09:55:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVF2152.html [2010-07-10 08:04:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRw1224.html [2010-07-10 08:04:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempol1224.html [2010-07-09 18:35:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTnI944.html [2010-07-09 13:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxa3764.html [2010-07-09 13:23:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxo3764.html [2010-07-09 12:56:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEKU796.html [2010-07-09 09:52:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEC2072.html [2010-07-09 07:45:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAO1620.html [2010-07-08 16:18:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkQ2124.html [2010-07-08 16:18:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemplB2124.html [2010-07-08 07:17:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoT1724.html [2010-07-08 07:17:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVy1724.html [2010-07-07 20:06:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg1884.html [2010-07-07 08:21:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwg1432.html [2010-07-07 08:21:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvT1432.html [2010-07-06 07:41:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmh1752.html [2010-07-05 20:57:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOY3760.html [2010-07-05 20:57:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWo3760.html [2010-07-05 16:49:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHn1516.html [2010-07-05 13:05:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempREi984.html [2010-07-05 11:49:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHM1544.html [2010-07-05 11:49:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAo1544.html [2010-07-05 11:06:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIf2820.html [2010-07-05 07:28:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWL2032.html [2010-07-04 18:53:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfE1768.html [2010-07-04 10:45:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHnO732.html [2010-07-04 10:45:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnZj732.html [2010-07-03 12:27:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuo2096.html [2010-07-03 12:27:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvA2096.html [2010-07-03 06:21:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOT1848.html [2010-07-02 16:57:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoC2580.html [2010-07-02 16:57:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBm2580.html [2010-07-02 15:23:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempac3096.html [2010-07-02 06:16:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoE1976.html [2010-07-01 06:12:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmO1732.html [2010-07-01 06:12:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVN1732.html [2010-06-30 06:21:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempws1500.html [2010-06-29 14:30:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempre1548.html [2010-06-29 10:25:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjA1560.html [2010-06-29 10:25:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQj1560.html [2010-06-28 22:02:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKu2592.html [2010-06-28 22:02:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcq2592.html [2010-06-28 21:05:48 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg [2010-06-28 20:57:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmc3580.html [2010-06-28 10:11:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjA1984.html [2010-06-28 07:37:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMr1448.html [2010-06-27 18:20:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempElU796.html [2010-06-27 18:20:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBEt796.html [2010-06-27 16:04:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPd2700.html [2010-06-27 08:39:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxPP412.html [2010-06-27 06:40:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE1388.html [2010-06-26 21:57:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXV3032.html [2010-06-26 20:09:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHy1556.html [2010-06-26 19:09:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOc1516.html [2010-06-26 19:09:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempjX1516.html [2010-06-26 13:00:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSC1264.html [2010-06-26 13:00:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempFJ1264.html [2010-06-26 11:13:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFd3848.html [2010-06-26 09:09:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKvY108.html [2010-06-26 06:00:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqCi284.html [2010-06-25 22:36:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSX2356.html [2010-06-25 22:36:28 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUE2356.html [2010-06-25 06:45:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQq1988.html [2010-06-25 06:45:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEM1988.html [2010-06-24 18:18:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJa1844.html [2010-06-24 18:18:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNl1844.html [2010-06-24 16:06:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfK3240.html [2010-06-24 15:30:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPf1988.html [2010-06-24 15:30:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRi1988.html [2010-06-24 15:02:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsK2016.html [2010-06-24 15:02:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkH2016.html [2010-06-24 09:27:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdV1960.html [2010-06-24 09:27:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUR1960.html [2010-06-23 20:32:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqR2464.html [2010-06-23 17:25:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKe1992.html [2010-06-23 12:59:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCm4076.html [2010-06-23 12:59:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWz4076.html [2010-06-23 09:02:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIX2088.html [2010-06-23 07:04:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVM1812.html [2010-06-23 07:04:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempjI1812.html [2010-06-22 20:31:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFnS396.html [2010-06-22 19:02:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyd3732.html [2010-06-22 19:02:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJN3732.html [2010-06-22 07:05:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnR2000.html [2010-06-21 06:24:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFX1032.html [2010-06-21 06:24:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj1032.html [2010-06-20 18:17:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvB1872.html [2010-06-20 13:44:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqS3280.html [2010-06-20 11:45:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEAj908.html [2010-06-20 08:51:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAzJ404.html [2010-06-20 07:07:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprm1912.html [2010-06-20 07:07:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptW1912.html [2010-06-19 19:06:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKd1476.html [2010-06-19 19:06:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiJ1476.html [2010-06-19 16:14:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHS2120.html [2010-06-19 13:35:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRz3468.html [2010-06-19 09:05:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaq1472.html [2010-06-18 16:10:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptl1692.html [2010-06-18 16:10:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsn1692.html [2010-06-17 14:09:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVWs272.html [2010-06-17 13:54:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEk1064.html [2010-06-17 13:54:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphX1064.html [2010-06-17 07:14:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQq404.html [2010-06-17 07:14:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempmQT404.html [2010-06-17 06:40:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHk1124.html [2010-06-17 06:40:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempID1124.html [2010-06-16 19:16:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYJ3576.html [2009-07-14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2004-09-24 00:31:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\libmySQL.dll [2004-07-29 18:08:30 | 000,024,633 | ---- | C] () -- C:\Windows\php.ini [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010-08-26 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity [2010-06-24 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2010-12-12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2011-01-11 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gadu-Gadu 10 [2010-06-21 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER [2010-06-28 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need for Speed World [2010-06-17 08:14:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenFM [2010-07-12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera [2011-02-05 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PandoraRecovery [2010-09-27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall [2010-12-27 19:22:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tibia [2011-01-30 11:13:56 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-28 12:00:22 | 000,182,324 | ---- | M] () -- C:\38856.rar [2010-08-13 17:13:38 | 000,000,039 | ---- | M] () -- C:\597.ini [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-06-16 16:29:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-18 23:15:13 | 000,296,482 | RHS- | M] () -- C:\CBYIQ [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010-09-05 10:58:03 | 000,000,453 | ---- | M] () -- C:\Gry (D).lnk [2011-02-06 21:55:20 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg [2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-02-06 21:55:21 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys [2010-11-18 23:15:13 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2010-07-28 11:29:52 | 000,002,033 | ---- | M] () -- C:\wsite.lnk [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >[/log] info.txt [log]info.txt logfile of random's system information tool 1.08 2011-02-06 22:13:56 ======Uninstall list====== -->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539} Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8} Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D} Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67} Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623} Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001} Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA} Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" BearShare-->"C:\ProgramData\{37490DE3-F7B0-4FFB-ACAD-E9674CA2AD24}\BearShare_V9_pl_Setup.exe" REMOVE=TRUE MODIFY=FALSE BearShare-->C:\ProgramData\{37490DE3-F7B0-4FFB-ACAD-E9674CA2AD24}\BearShare_V9_pl_Setup.exe Cabal Online Europe - Radiant Hall-->"D:\patch\unins000.exe" Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917} Cheat Engine 5.6.1-->"C:\Program Files\Cheat Engine\unins000.exe" Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D} Counter-Strike: Source-->"D:\Steam\steam.exe" steam://uninstall/240 D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe" Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5} DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Free Audio CD Burner version 1.4.7-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.9.31-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} Google Chrome-->"C:\Program Files\Google\Chrome\Application\9.0.597.84\Installer\setup.exe" --uninstall --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly Half-Life 2: Episode One-->"D:\Steam\steam.exe" steam://uninstall/380 Half-Life 2: Episode Two-->"D:\Steam\steam.exe" steam://uninstall/420 Half-Life 2-->"D:\Steam\steam.exe" steam://uninstall/220 Harry Potter i Książę Półkrwi™-->MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1} Harry Potter TM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x15 Uninstall Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243} LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe" Mad Catz Xbox PC Driver-->MsiExec.exe /I{47A85B97-AE27-4963-A839-9B454A7E73A7} Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe MediaBar-->"C:\Program Files\BearShare Applications\MediaBar\UnwiseLauncher.exe" /A "C:\Program Files\BearShare Applications\MediaBar\\INSTALL.LOG" Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Moonbase Alpha-->"D:\Steam\steam.exe" steam://uninstall/39000 Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe" NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly Need for Speed™ Most Wanted-->D:\Need for Speed Most Wanted\EAUninstall.exe NSIS Example2-->"C:\Program Files\Tibia Auto\uninstall.exe" NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32} PandoraRecovery (Remove Only)-->"C:\Program Files\Pandora Recovery\Uninstall.exe" PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8} Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP Portal-->"D:\Steam\steam.exe" steam://uninstall/400 psp ebook creator v1.0.3-->"C:\Program Files\psp ebook creator\unins000.exe" Python 2.4.4-->MsiExec.exe /I{60E2C8C9-6CF3-4B1A-9618-E304946C94E6} RapidShare Manager-->C:\Program Files\RapidShareManager\uninstall.exe Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Recuva-->"C:\Program Files\Recuva\uninst.exe" San Andreas Mod Installer-->"C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml" SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Star Wars(TM): Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe" -l0x15 Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubEdit - Vista WMP Patch-->"C:\Program Files\SubEdit-Player\WMP6_4\unins000.exe" SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe" Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434} Team Fortress 2-->"D:\Steam\steam.exe" steam://uninstall/440 The Sims Zwierzaki-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\Setup.exe" -l0015 Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe Tibia-->"E:\Program Files\Tibia2222323\unins000.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe UndeleteMyFiles-->"C:\Program Files\UndeleteMyFiles\unins000.exe" Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Unlimited Cabal-->MsiExec.exe /I{454070F6-2CAF-49DE-84E7-07DC177789FB} Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Virtual DJ Home - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG Winamp 5.58 PL-->"C:\Program Files\Winamp\UninstWA_PL.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} ======Hosts File====== 127.0.0.1 activate.adobe.com ======System event log====== Computer Name: User-Komputer Event Code: 7036 Message: Usługa Klient DNS weszła w stan uruchomienia. Record Number: 41961 Source Name: Service Control Manager Time Written: 20100926055308.399624-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 7036 Message: Usługa Klient DHCP weszła w stan uruchomienia. Record Number: 41960 Source Name: Service Control Manager Time Written: 20100926055308.384024-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 51046 Message: Usługa klienta DHCPv6 została uruchomiona Record Number: 41959 Source Name: Microsoft-Windows-DHCPv6-Client Time Written: 20100926055308.384024-000 Event Type: Informacje User: ZARZĄDZANIE NT\USŁUGA LOKALNA Computer Name: User-Komputer Event Code: 7036 Message: Usługa Izolacja klucza CNG weszła w stan uruchomienia. Record Number: 41958 Source Name: Service Control Manager Time Written: 20100926055308.384024-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 50036 Message: Usługa klienta DHCPv4 została uruchomiona Record Number: 41957 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20100926055308.368424-000 Event Type: Informacje User: ZARZĄDZANIE NT\USŁUGA LOKALNA =====Application event log===== Computer Name: User-Komputer Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 6011 Source Name: Microsoft-Windows-WMI Time Written: 20100808115711.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 5611 Message: The Windows Management Instrumentation service has detected an inconsistent system shutdown. Record Number: 6010 Source Name: Microsoft-Windows-WMI Time Written: 20100808115708.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 6009 Source Name: Microsoft-Windows-WMI Time Written: 20100808115707.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 6008 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100808115705.415224-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: USER-KOMPUTER Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 6007 Source Name: Microsoft-Windows-EventSystem Time Written: 20100808115705.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: User-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 6527 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100808113617.170418-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: USER-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x200 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 6526 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100808113617.170418-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x95b4 Record Number: 6525 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100808113616.998818-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 6524 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100808113616.889618-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 6523 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100808113616.889618-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files;C:\Program Files\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "SAFEBOOT_OPTION"=NETWORK -----------------EOF----------------- [/log] log.txt [log]Logfile of random's system information tool 1.08 (written by random/random) Run by User at 2011-02-06 22:13:36 Microsoft Windows 7 Ultimate System drive C: has 31 GB (40%) free of 77 GB Total RAM: 2048 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:13:53, on 2011-02-06 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\explorer.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\Program Files\Opera\opera.exe D:\OTL.exe C:\Windows\system32\taskmgr.exe C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe C:\Program Files\trend micro\User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe" O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Startup: nssvc32.exe O4 - Startup: spoolsvcs.exe O4 - Startup: wnr231.exe O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF21BF2-34CB-448C-9D78-22E9766A3440}: NameServer = 213.241.79.37,83.238.255.76 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 6680 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] UrlHelper Class - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll [2010-06-06 392112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000] {0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480] {872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-05-25 37888] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-08 9267816] "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "DataMngr"=C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe [2010-06-06 796600] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-05-04 11981408] "Steam"=D:\Steam\steam.exe [2010-11-17 1242448] "AdobeBridge"= [] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "PlayNC Launcher"= [] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup nssvc32.exe spoolsvcs.exe wnr231.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit] C:\Program Files\Common Files\logonInit.dll [2010-08-18 27958] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-02-06 22:13:37 ----D---- C:\Program Files\trend micro 2011-02-06 22:13:36 ----D---- C:\rsit 2011-02-06 17:01:31 ----A---- C:\Windows\ntbtlog.txt 2011-02-05 22:54:55 ----D---- C:\Program Files\Recuva 2011-02-05 22:52:53 ----D---- C:\Program Files\Google 2011-02-05 22:49:27 ----D---- C:\Users\User\AppData\Roaming\PandoraRecovery 2011-02-05 22:49:24 ----D---- C:\Program Files\Pandora Recovery 2011-02-05 22:45:56 ----D---- C:\Program Files\UndeleteMyFiles 2011-02-05 20:46:57 ----A---- C:\Windows\system32\fat32format.exe 2011-01-23 21:16:19 ----D---- C:\Program Files\Deluxe Ski Jump 4 2011-01-12 14:48:09 ----A---- C:\Windows\system32\odbc32.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\XpsPrint.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\FntCache.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\DWrite.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2011-01-12 14:48:05 ----A---- C:\Windows\system32\d3d10warp.dll 2011-01-12 14:48:05 ----A---- C:\Windows\system32\d2d1.dll 2011-01-12 14:48:04 ----A---- C:\Windows\system32\XpsRasterService.dll 2011-01-12 14:48:04 ----A---- C:\Windows\system32\ExplorerFrame.dll 2011-01-12 14:48:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys 2011-01-12 14:48:04 ----A---- C:\Windows\system32\d3d10_1core.dll 2011-01-12 14:48:04 ----A---- C:\Windows\system32\d3d10_1.dll 2011-01-12 14:48:04 ----A---- C:\Windows\system32\cdd.dll ======List of files/folders modified in the last 1 months====== 2011-02-06 22:13:50 ----D---- C:\Windows\Temp 2011-02-06 22:13:37 ----RD---- C:\Program Files 2011-02-06 21:52:40 ----D---- C:\Windows\Prefetch 2011-02-06 21:49:38 ----D---- C:\ProgramData\NVIDIA 2011-02-06 18:08:43 ----D---- C:\Windows\system32\catroot2 2011-02-06 17:01:31 ----D---- C:\Windows 2011-02-06 16:56:11 ----D---- C:\Windows\system32\config 2011-02-06 15:04:44 ----D---- C:\Windows\System32 2011-02-06 15:04:44 ----D---- C:\Windows\inf 2011-02-06 15:04:44 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-02-05 22:53:10 ----SHD---- C:\Windows\Installer 2011-02-05 22:52:59 ----D---- C:\Windows\Tasks 2011-02-05 22:52:59 ----D---- C:\Windows\system32\Tasks 2011-02-05 22:36:37 ----SHD---- C:\System Volume Information 2011-02-05 22:36:36 ----D---- C:\Windows\Logs 2011-02-05 21:35:32 ----D---- C:\Users\User\AppData\Roaming\Winamp 2011-02-05 17:39:39 ----D---- C:\Program Files\Mozilla Firefox 2011-02-03 21:00:18 ----D---- C:\Windows\winsxs 2011-02-03 16:31:57 ----D---- C:\Windows\Minidump 2011-02-03 16:21:58 ----D---- C:\Windows\system32\catroot 2011-01-30 22:02:30 ----D---- C:\Program Files\NAPI-PROJEKT 2011-01-28 22:02:53 ----RSD---- C:\Windows\Fonts 2011-01-22 17:22:25 ----D---- C:\Program Files\SpeedFan 2011-01-16 16:11:06 ----D---- C:\Windows\system32\drivers 2011-01-14 15:21:54 ----D---- C:\Users\User\AppData\Roaming\Adobe 2011-01-11 16:37:58 ----D---- C:\Users\User\AppData\Roaming\Gadu-Gadu 10 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792] R3 netr73;Sterownik karty RT73 USB Wireless LAN dla systemu Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-24 691696] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 ByakkoDriver;ByakkoDriver; \??\D:\Cabal Unlimited\Byakko.K32 [2011-02-05 7936] S3 cpuz132;cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [] S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384] S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864] S3 GPU-Z;GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys [] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-06-08 3112360] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224] S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944] S3 XDva332;XDva332; \??\C:\Windows\system32\XDva332.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-05 136176] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944] S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640] S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232] S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992] S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-17 655624] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-20 3813096] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-18 403240] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400] -----------------EOF----------------- [/log] Pliku extras.txt niestety nie było..
Tomek01 komentarz 7 lutego 2011 komentarz 7 lutego 2011 Odinstaluj: DAEMON Tools Toolbar, DVDVideoSoftTB Toolbar, Conduit Engine, BearShare MediaBar. W OTL, w oknie Custom scan/fixes wklej: [code] :OTL DRV - [2011-02-05 13:28:13 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Cabal Unlimited\Byakko.K32 -- (ByakkoDriver) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nssvc32.exe () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvcs.exe () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnr231.exe () O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\logonInit.dll () :Files C:\Users\User\AppData\Local\Temp*.html C:\Program Files\Common Files\logonInit.dll C:\Program Files\Common Files\UserInit.dll C:\Windows\system32\XDva332.sys :Services XDva332 :Commands [emptytemp][/code] Klikasz run fix, komputer uruchamia się ponownie. Wrzuć log z usuwania oraz nowe logi: OTL i RSIT Poniższy plik przeskanuj na virustotal: C:\Windows\System32\fat32format.exe 1
legendk komentarz 7 lutego 2011 Autor komentarz 7 lutego 2011 Dziękuje bardzo, gdybym Cię znał na rl to postawił bym ci browara.
Tomek01 komentarz 7 lutego 2011 komentarz 7 lutego 2011 Ale czekam aż mi wrzucisz logi. Trzeba będzie jeszcze co nieco usunąć
legendk komentarz 20 marca 2011 Autor komentarz 20 marca 2011 (edytowane) To znowu ja i ten sam błąd. Przepraszam, że potem nie wrzuciłem logów, ale poprostu nie przeczytałem. Jestem poprostu kolejną osobą, która wchodzi na forum tylko po to aby ktoś jej pomógł. (przepraszam, wiem coś o tym z forum graficznego) OTL.txt [log]OTL logfile created on: 2011-03-20 20:15:25 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 75,13 Gb Total Space | 28,07 Gb Free Space | 37,36% Space Free | Partition Type: NTFS Drive D: | 195,32 Gb Total Space | 84,03 Gb Free Space | 43,02% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 21,17 Gb Free Space | 10,84% Space Free | Partition Type: NTFS Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2010-11-17 16:03:06 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2010-11-11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2010-11-11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2010-11-11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe PRC - [2010-11-11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe PRC - [2010-11-11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010-09-21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010-09-21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010-09-20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010-08-21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-06-16 10:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010-06-08 16:19:14 | 009,267,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010-06-07 16:47:34 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010-06-06 15:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe PRC - [2010-05-25 17:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe PRC - [2010-05-14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2010-05-04 15:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-03-02 17:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe PRC - [2010-03-02 17:03:18 | 000,247,152 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-07-14 02:14:50 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2007-05-31 08:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2010-10-27 05:40:24 | 001,289,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-02-19 06:33:11 | 000,802,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010-11-18 07:21:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-11-11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010-11-11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2010-11-11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010-11-11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010-08-19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-06-17 22:04:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-06-16 21:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-02 17:03:18 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe -- (UI Assistant Service) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-11-11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2010-11-11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2010-11-11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport) DRV - [2010-11-11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2010-11-11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2010-11-11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2010-11-11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2010-11-11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2010-08-19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2010-06-24 15:26:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-08 16:19:26 | 003,112,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010-06-08 00:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010-01-18 11:20:58 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-07-14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2005-03-09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.wp.pl/ [binary data] IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678 IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-11 15:10:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-11 15:10:35 | 000,000,000 | ---D | M] [2010-06-28 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2011-03-20 12:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions [2011-02-15 20:24:06 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} [2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010-12-12 20:41:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010-08-24 20:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-03-20 12:09:57 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-03-20 12:09:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com [2010-08-07 22:16:28 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\illimitux@illimitux.net [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\BearShareWebSearch.xml [2010-12-15 15:22:16 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\conduit.xml [2011-03-13 09:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-23 22:36:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-12-06 19:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011-03-11 15:10:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml [2011-03-11 15:10:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-03-11 15:10:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-03-11 15:10:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-03-11 15:10:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2011-03-11 15:10:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-12-03 14:51:12 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: ::1 localhost O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UIExec] C:\Program Files\Netia\Mobilny Internet\UIExec.exe () O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4ce1c074-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun O33 - MountPoints2\{4ce1c074-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = G:\autorun.exe -auto O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell - "" = AutoRun O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell\AutoRun\command - "" = J:\autorun.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-03-20 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware [2011-03-20 12:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011-03-20 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar [2011-03-18 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamez Aion [2011-03-18 21:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion [2011-03-17 19:26:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\flash [2011-03-16 14:51:56 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys [2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2011-03-16 14:51:56 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2011-03-16 14:51:48 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll [2011-03-16 14:51:48 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys [2011-03-16 14:51:48 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys [2011-03-16 14:51:47 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll [2011-03-16 14:51:47 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin [2011-03-16 14:51:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB [2011-03-16 14:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netia [2011-03-16 14:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Netia [2011-03-14 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare - Kopia [2011-03-12 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft [2011-03-10 22:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011-03-10 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011-03-06 17:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011-02-26 19:20:18 | 000,000,000 | ---D | C] -- C:\Windows\usgwmt [2011-02-20 11:23:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6A3F98AF-D67D-41FB-8A06-D6D933149296} [2011-02-19 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{863D2C0A-24F7-4242-BB1A-6980D649AC15} [2011-02-16 15:56:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fz3-12978681792780 [2011-02-16 15:43:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla [2011-02-16 15:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2011-02-15 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Charles [2011-02-15 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Charles [2011-02-13 21:09:41 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe [2011-02-13 21:09:37 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe [2011-02-13 21:09:36 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys [2011-02-13 21:09:31 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll [2011-02-13 21:08:46 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys [2011-02-13 21:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2011-02-13 21:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2011-02-13 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2011-02-13 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\VMware [2011-02-10 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia86 [2011-02-09 03:01:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011-02-09 03:01:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011-02-07 07:57:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011-02-06 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-02-06 22:13:36 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\do nauki [2011-02-05 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google [2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011-02-05 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PandoraRecovery [2011-02-05 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery [2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles [2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\UndeleteMyFiles [2011-01-30 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt [2011-01-23 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Deluxe Ski Jump 4 [2011-01-23 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-01-23 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-03-20 20:10:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSA3004.html [2011-03-20 20:10:32 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempvC3004.html [2011-03-20 20:10:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-03-20 20:10:03 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2011-03-20 19:54:45 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-03-20 19:54:45 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-03-20 15:31:51 | 000,749,278 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-03-20 15:31:51 | 000,634,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-03-20 15:31:51 | 000,152,130 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-03-20 15:31:51 | 000,122,968 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-03-18 21:29:40 | 000,000,885 | ---- | M] () -- C:\Users\User\Desktop\GamezAion Launcher.lnk [2011-03-16 14:52:06 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Mobilny Internet.lnk [2011-03-12 11:57:09 | 192,426,527 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-03-04 22:54:35 | 000,002,008 | ---- | M] () -- C:\Users\User\Desktop\Aion.lnk [2011-02-22 23:06:36 | 002,216,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-02-20 11:37:13 | 020,678,507 | ---- | M] () -- C:\Users\User\Desktop\Mój film2.wmv [2011-02-19 20:58:46 | 022,149,918 | ---- | M] () -- C:\Users\User\Desktop\Mój film.wmv [2011-02-13 21:08:40 | 000,001,024 | ---- | M] () -- C:\.rnd [2011-02-13 21:08:24 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk [2011-02-10 17:55:51 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk [2011-02-10 17:34:42 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2011-02-08 23:19:47 | 002,507,957 | ---- | M] () -- C:\Users\User\Documents\Legendary_Tags_by_1LegenD1.png [2011-02-08 08:40:09 | 000,001,178 | ---- | M] () -- C:\Users\User\Desktop\Mass Effect 2.lnk [2011-02-06 17:33:12 | 000,648,748 | ---- | M] () -- C:\Users\User\Documents\BioWare.rar [2011-02-06 17:33:02 | 000,000,020 | ---- | M] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar [2011-01-30 22:02:31 | 000,000,951 | ---- | M] () -- C:\Users\User\Desktop\NapiProjekt.lnk [2011-01-23 21:16:20 | 000,001,010 | ---- | M] () -- C:\Users\User\Desktop\DSJ4.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-03-20 20:10:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSA3004.html [2011-03-20 20:10:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvC3004.html [2011-03-18 21:29:40 | 000,000,885 | ---- | C] () -- C:\Users\User\Desktop\GamezAion Launcher.lnk [2011-03-16 14:53:54 | 000,000,628 | ---- | C] () -- C:\NetworkCfg.xml [2011-03-16 14:51:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Mobilny Internet.lnk [2011-03-10 21:55:36 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CS5.lnk [2011-03-10 21:55:07 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2011-03-10 21:53:57 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk [2011-03-10 21:53:42 | 000,001,483 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011-03-10 21:53:00 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011-03-04 22:54:35 | 000,002,008 | ---- | C] () -- C:\Users\User\Desktop\Aion.lnk [2011-02-20 17:13:00 | 000,049,233 | ---- | C] () -- C:\Windows\System32\fat32format.exe [2011-02-20 11:25:22 | 020,678,507 | ---- | C] () -- C:\Users\User\Desktop\Mój film2.wmv [2011-02-19 20:46:04 | 022,149,918 | ---- | C] () -- C:\Users\User\Desktop\Mój film.wmv [2011-02-15 20:23:36 | 000,001,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk [2011-02-13 21:08:40 | 000,001,024 | ---- | C] () -- C:\.rnd [2011-02-13 21:08:24 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk [2011-02-08 23:19:47 | 002,507,957 | ---- | C] () -- C:\Users\User\Documents\Legendary_Tags_by_1LegenD1.png [2011-02-08 08:40:09 | 000,001,178 | ---- | C] () -- C:\Users\User\Desktop\Mass Effect 2.lnk [2011-02-06 17:33:12 | 000,648,748 | ---- | C] () -- C:\Users\User\Documents\BioWare.rar [2011-02-06 17:33:02 | 000,000,020 | ---- | C] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar [2011-01-30 22:02:31 | 000,000,951 | ---- | C] () -- C:\Users\User\Desktop\NapiProjekt.lnk [2011-01-23 21:16:20 | 000,001,010 | ---- | C] () -- C:\Users\User\Desktop\DSJ4.lnk [2010-09-04 13:32:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2010-06-28 21:05:48 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg [2010-06-24 15:26:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-07-14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2004-09-24 00:31:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\libmySQL.dll [2004-07-29 18:08:30 | 000,024,633 | ---- | C] () -- C:\Windows\php.ini [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2011-03-12 22:59:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft [2010-08-26 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity [2011-02-15 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Charles [2010-06-24 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2010-12-12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2011-03-14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011-01-11 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gadu-Gadu 10 [2010-06-21 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER [2010-06-28 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need for Speed World [2010-06-17 08:14:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenFM [2010-07-12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera [2011-02-05 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PandoraRecovery [2010-09-27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall [2011-02-19 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tibia [2011-03-15 16:42:19 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-02-13 21:08:40 | 000,001,024 | ---- | M] () -- C:\.rnd [2010-07-28 12:00:22 | 000,182,324 | ---- | M] () -- C:\38856.rar [2010-08-13 17:13:38 | 000,000,039 | ---- | M] () -- C:\597.ini [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-06-16 16:29:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-18 23:15:13 | 000,296,482 | RHS- | M] () -- C:\CBYIQ [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-03-16 14:51:53 | 000,005,562 | ---- | M] () -- C:\debug1214.txt [2010-09-05 10:58:03 | 000,000,453 | ---- | M] () -- C:\Gry (D).lnk [2011-03-20 20:10:03 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-12-12 15:11:00 | 000,218,624 | ---- | M] () -- C:\klt.exe [2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg [2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-07-07 10:30:20 | 000,000,628 | ---- | M] () -- C:\NetworkCfg.xml [2011-03-20 20:10:05 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys [2011-02-15 22:23:55 | 000,000,292 | ---- | M] () -- C:\ps3-updatelist.txt [2010-11-18 23:15:13 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2010-07-28 11:29:52 | 000,002,033 | ---- | M] () -- C:\wsite.lnk [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows- winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >[/log] Extras.txt [log]OTL Extras logfile created on: 2011-03-20 20:15:25 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = D:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 75,13 Gb Total Space | 28,07 Gb Free Space | 37,36% Space Free | Partition Type: NTFS Drive D: | 195,32 Gb Total Space | 84,03 Gb Free Space | 43,02% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 21,17 Gb Free Space | 10,84% Space Free | Partition Type: NTFS Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22 "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM) "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM "{454070F6-2CAF-49DE-84E7-07DC177789FB}" = Unlimited Cabal "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Zwierzaki "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobilny Internet "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter i Książę Półkrwi™ "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "BearShare MediaBar" = MediaBar "CABAL Online: Radiant Hall_is1" = Cabal Online Europe - Radiant Hall "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "conduitEngine" = Conduit Engine "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "Gadu-Gadu 10" = Gadu-Gadu 10 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "RealAlt_is1" = Real Alternative 2.0.2 "San Andreas Mod Installer1.1" = San Andreas Mod Installer "Steam App 220" = Half-Life 2 "Steam App 240" = Counter-Strike: Source "Steam App 380" = Half-Life 2: Episode One "Steam App 39000" = Moonbase Alpha "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch "SubEdit-Player_is1" = SubEdit-Player "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "Totalcmd" = Total Commander (Remove or Repair) "uTorrentBar Toolbar" = uTorrentBar Toolbar "VMware_Player" = VMware Player "Winamp" = Winamp "Winamp PL" = Winamp 5.58 PL "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Translator" = Google Translator "NCsoft-AionEU" = Aion "OPR" = Opera Password Recovery "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-12-18 17:41:23 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x1002d499 Identyfikator procesu powodującego błąd: 0x394 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb9efaa1b0b8ff Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu: 8e55a91f-0aef-11e0-874f-0016e6ddf839 Error - 2010-12-19 03:51:03 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x1002d499 Identyfikator procesu powodującego błąd: 0x884 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb9f4d730ed124 Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu: b9a1429a-0b44-11e0-87ea-0016e6ddf839 Error - 2010-12-19 16:34:49 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Tibia.exe, wersja: 8.6.0.0, sygnatura czasowa: 0x4c29b82b Nazwa modułu powodującego błąd: USP10.dll, wersja: 1.626.7600.16385, sygnatura czasowa: 0x4a5bdb32 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0005294e Identyfikator procesu powodującego błąd: 0xf4c Godzina uruchomienia aplikacji powodującej błąd: 0x01cb9fbc030ff65e Ścieżka aplikacji powodującej błąd: E:\Program Files\Tibia2222323\Tibia.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\USP10.dll Identyfikator raportu: 6c4d1703-0baf-11e0-87ea-0016e6ddf839 Error - 2010-12-20 10:12:02 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Tibia.exe, wersja: 8.6.0.0, sygnatura czasowa: 0x4c29b82b Nazwa modułu powodującego błąd: logonInit.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a740504 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002121 Identyfikator procesu powodującego błąd: 0xb0c Godzina uruchomienia aplikacji powodującej błąd: 0x01cba00761bd3f7b Ścieżka aplikacji powodującej błąd: E:\Program Files\Tibia2222323\Tibia.exe Ścieżka modułu powodującego błąd: C:\Program Files\Common Files\logonInit.dll Identyfikator raportu: 1d75bc9a-0c43-11e0-949c-0016e6ddf839 Error - 2010-12-21 12:39:14 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Simscrc.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x3873f6c0 Nazwa modułu powodującego błąd: Simscrc.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x3873f6c0 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0015bba5 Identyfikator procesu powodującego błąd: 0x4e4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cba12d9745b18b Ścieżka aplikacji powodującej błąd: D:\Maxis\The Sims\Simscrc.exe Ścieżka modułu powodującego błąd: D:\Maxis\The Sims\Simscrc.exe Identyfikator raportu: d812356a-0d20-11e0-ba76-0016e6ddf839 Error - 2010-12-21 17:35:36 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2010-12-21 17:35:36 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2010-12-21 17:35:39 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . Error - 2010-12-22 13:25:07 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_iphlpsvc, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: FastProx.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bd9de Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000231a3 Identyfikator procesu powodującego błąd: 0x3ec Godzina uruchomienia aplikacji powodującej błąd: 0x01cba1df0e73fc00 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\wbem\FastProx.dll Identyfikator raportu: 6b17dd8d-0df0-11e0-bb16-0016e6ddf839 Error - 2010-12-23 05:34:04 | Computer Name = User-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x1002d499 Identyfikator procesu powodującego błąd: 0xcc4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cba282804125fa Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu: c7670189-0e77-11e0-a0cd-0016e6ddf839 [ System Events ] Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2011-03-20 15:01:28 | Computer Name = User-Komputer | Source = DCOM | ID = 10005 Description = Error - 2011-03-20 15:07:52 | Computer Name = User-Komputer | Source = DCOM | ID = 10005 Description = Error - 2011-03-20 15:08:23 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1068 < End of report > [/log] RSIT się zwiesza. :/ Jednocześnie mam pytanie, jakiego antyvirusa polecacie?
Tomek01 komentarz 20 marca 2011 komentarz 20 marca 2011 Odinstaluj:MediaBar, DVDVideoSoftTB Toolbar, uTorrentBar Community Toolbar, Conduit Engine. W OTL, w oknie Custom scan/fixes wklej: [code] :OTL PRC - [2010-06-06 15:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678 IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" [2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011-03-20 12:09:57 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-03-20 12:09:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe () O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll () :Files C:\Program Files\ConduitEngine C:\Program Files\uTorrentBar C:\Users\User\AppData\Local\Temp*.html :Commands [emptytemp][/code] Klikasz run fix, komputer uruchamia się ponownie. Wrzuć log z usuwania oraz nowe logi: OTL i RSIT (jak normalnie nie pójdzie, zrób w trybie awaryjnym). Wykonaj pełny skan [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i jakby coś wykrył raport pokaż na forum.
legendk komentarz 24 marca 2011 Autor komentarz 24 marca 2011 (edytowane) RSIT: log.txt [log]Logfile of random's system information tool 1.08 (written by random/random) Run by User at 2011-03-22 17:50:20 Microsoft Windows 7 Ultimate System drive C: has 29 GB (38%) free of 77 GB Total RAM: 2048 MB (30% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:50:27, on 2011-03-22 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\Netia\Mobilny Internet\UIExec.exe C:\Program Files\Gadu-Gadu 10\gg.exe D:\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Opera\opera.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Windows\explorer.exe C:\Windows\explorer.exe C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\Malwarebytes_Anti-Malware1.50.1[www.instalki.pl].exe C:\Users\User\AppData\Local\Temp\is-K6I5L.tmp\Malwarebytes_Anti-Malware1.50.1[www.instalki.pl].tmp C:\Windows\explorer.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\explorer.exe C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe C:\Program Files\trend micro\User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Netia\Mobilny Internet\UIExec.exe" O4 - HKLM\..\RunOnce: [removetoolbar] cmd.exe /c RD /S /Q "C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar" O4 - HKLM\..\RunOnce: [removedatamngr] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\" O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe" O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF21BF2-34CB-448C-9D78-22E9766A3440}: NameServer = 213.241.79.37,83.238.255.76 O17 - HKLM\System\CCS\Services\Tcpip\..\{CA977F0B-B9D3-4888-96CB-E89D0C56736D}: NameServer = 100.1.1.1 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe -- End of file - 7713 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-05-25 37888] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-08 9267816] "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2010-11-11 64112] "AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208] "AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] "SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] "UIExec"=C:\Program Files\Netia\Mobilny Internet\UIExec.exe [2010-03-02 138072] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "removetoolbar"=cmd.exe /c RD /S /Q C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar [] "removedatamngr"=cmd.exe /c RD /S /Q C:\Program Files\BearShare Applications\MediaBar\ [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-05-04 11981408] "Steam"=D:\Steam\steam.exe [2010-11-17 1242448] "AdobeBridge"= [] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-03-22 17:50:20 ----D---- C:\rsit 2011-03-20 20:07:46 ----D---- C:\Users\User\AppData\Roaming\VMware 2011-03-20 19:59:16 ----A---- C:\Windows\ntbtlog.txt 2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys 2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys 2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbnet.sys 2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys 2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\massfilter.sys 2011-03-16 14:51:53 ----A---- C:\debug1214.txt 2011-03-16 14:51:48 ----A---- C:\Windows\system32\sporder.dll 2011-03-16 14:51:48 ----A---- C:\Windows\system32\drivers\tcpipBM.sys 2011-03-16 14:51:48 ----A---- C:\Windows\system32\drivers\BMLoad.sys 2011-03-16 14:51:48 ----A---- C:\Windows\system32\bmutil.dll 2011-03-16 14:51:48 ----A---- C:\Windows\system32\bmnet.dll 2011-03-16 14:51:47 ----A---- C:\Windows\system32\bminstall.dll 2011-03-16 14:51:45 ----D---- C:\Windows\system32\SupportAppCB 2011-03-16 14:51:38 ----D---- C:\Program Files\Netia 2011-03-12 22:52:30 ----D---- C:\Users\User\AppData\Roaming\.minecraft 2011-03-10 22:00:32 ----D---- C:\ProgramData\regid.1986-12.com.adobe 2011-03-10 21:52:59 ----D---- C:\Program Files\Common Files\Adobe AIR 2011-03-09 18:15:17 ----A---- C:\Windows\system32\FntCache.dll 2011-03-09 18:15:17 ----A---- C:\Windows\system32\DWrite.dll 2011-03-09 18:15:17 ----A---- C:\Windows\system32\d2d1.dll 2011-03-09 18:13:31 ----A---- C:\Windows\system32\CPFilters.dll 2011-03-09 18:13:30 ----A---- C:\Windows\system32\sbe.dll 2011-03-09 18:13:30 ----A---- C:\Windows\system32\EncDec.dll 2011-03-09 18:13:29 ----A---- C:\Windows\system32\mstscax.dll 2011-03-09 18:13:29 ----A---- C:\Windows\system32\mstsc.exe 2011-03-07 11:41:58 ----ASH---- C:\pagefile.sys 2011-03-06 17:38:29 ----D---- C:\ProgramData\TEMP 2011-02-26 19:20:18 ----D---- C:\Windows\usgwmt 2011-02-24 21:34:22 ----A---- C:\Windows\system32\wcncsvc.dll 2011-02-23 14:51:30 ----A---- C:\Windows\system32\XpsPrint.dll 2011-02-23 14:51:29 ----A---- C:\Windows\system32\XpsGdiConverter.dll ======List of files/folders modified in the last 1 months====== 2011-03-22 17:50:26 ----D---- C:\Windows\Temp 2011-03-22 17:50:26 ----D---- C:\Program Files\trend micro 2011-03-22 17:45:41 ----RD---- C:\Program Files 2011-03-22 17:15:31 ----D---- C:\Windows\Prefetch 2011-03-22 17:09:59 ----D---- C:\ProgramData\VMware 2011-03-22 17:09:57 ----D---- C:\ProgramData\NVIDIA 2011-03-22 17:09:51 ----D---- C:\Windows\Minidump 2011-03-22 17:09:49 ----D---- C:\Windows 2011-03-22 16:08:57 ----D---- C:\Windows\system32\config 2011-03-22 14:24:42 ----D---- C:\Windows\System32 2011-03-22 14:24:42 ----D---- C:\Windows\inf 2011-03-22 14:24:42 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-03-22 14:13:10 ----SHD---- C:\System Volume Information 2011-03-20 20:09:01 ----D---- C:\Program Files\Common Files 2011-03-20 20:07:36 ----D---- C:\Program Files\SpeedFan 2011-03-20 20:07:11 ----D---- C:\Program Files\Tibia Auto 2011-03-20 20:06:45 ----D---- C:\Program Files\FileZilla FTP Client 2011-03-20 20:06:21 ----D---- C:\Program Files\Charles 2011-03-19 14:52:04 ----D---- C:\Users\User\AppData\Roaming\Winamp 2011-03-19 13:03:20 ----D---- C:\Program Files\Mozilla Firefox 2011-03-19 07:58:14 ----SHD---- C:\Windows\Installer 2011-03-19 07:58:06 ----D---- C:\Windows\winsxs 2011-03-16 14:55:16 ----D---- C:\Windows\ModemLogs 2011-03-16 14:52:05 ----D---- C:\Windows\system32\DriverStore 2011-03-16 14:52:05 ----D---- C:\Windows\system32\catroot 2011-03-16 14:51:56 ----D---- C:\Windows\system32\drivers 2011-03-16 14:51:38 ----HD---- C:\Program Files\InstallShield Installation Information 2011-03-16 07:47:37 ----D---- C:\Windows\system32\catroot2 2011-03-14 20:29:23 ----D---- C:\Users\User\AppData\Roaming\FileZilla 2011-03-11 07:45:35 ----D---- C:\ProgramData\Adobe 2011-03-10 22:18:42 ----D---- C:\Users\User\AppData\Roaming\Adobe 2011-03-10 22:01:14 ----D---- C:\Windows\system32\Tasks 2011-03-10 22:00:32 ----HD---- C:\ProgramData 2011-03-10 21:55:07 ----D---- C:\Program Files\Common Files\Adobe 2011-03-10 21:55:03 ----D---- C:\Program Files\Adobe 2011-03-04 17:38:06 ----D---- C:\Program Files\Tibia86 2011-02-25 15:57:20 ----D---- C:\Program Files\Microsoft Silverlight ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-24 691696] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-11-11 32368] R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-11-11 70768] R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 36400] R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 26352] R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2010-11-11 23792] R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-11-11 854128] R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448] R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-06-08 3112360] R3 netr73;Sterownik karty RT73 USB Wireless LAN dla systemu Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-11-11 24688] R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 16560] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S3 aagfrzto;aagfrzto; C:\Windows\system32\drivers\aagfrzto.sys [] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 cpuz132;cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [] S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384] S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864] S3 GPU-Z;GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys [] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792] S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-01-18 9216] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224] S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-01-18 105088] S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-01-18 105088] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-01-18 105088] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232] R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe [2010-03-02 247152] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-11-11 113264] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-11-11 334448] R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-11-11 404080] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-17 655624] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-20 3813096] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-18 403240] S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400] -----------------EOF----------------- [/log] info.txt [log]info.txt logfile of random's system information tool 1.08 2011-03-22 17:50:29 ======Uninstall list====== -->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8} Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D} Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7} Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7} Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{6E9EF98E-259E-416D-B5F8-0ABDB99942CE} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin Adobe Flash Professional CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67} Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623} Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001} Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA} Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" Cabal Online Europe - Radiant Hall-->"D:\patch\unins000.exe" Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917} Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D} Counter-Strike: Source-->"D:\Steam\steam.exe" steam://uninstall/240 D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe" Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5} EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Free YouTube to MP3 Converter version 3.9.31-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly Half-Life 2: Episode One-->"D:\Steam\steam.exe" steam://uninstall/380 Half-Life 2: Episode Two-->"D:\Steam\steam.exe" steam://uninstall/420 Half-Life 2-->"D:\Steam\steam.exe" steam://uninstall/220 Harry Potter i Książę Półkrwi™-->MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1} Harry Potter TM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x15 Uninstall Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243} Mass Effect 2-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect 2.exe Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25} Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57} Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7} Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C} Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403} Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} Mobilny Internet-->"C:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0015 -removeonly Moonbase Alpha-->"D:\Steam\steam.exe" steam://uninstall/39000 Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe" NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly Need for Speed™ Most Wanted-->D:\Need for Speed Most Wanted\EAUninstall.exe NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32} PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392} Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8} Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP Portal-->"D:\Steam\steam.exe" steam://uninstall/400 Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly San Andreas Mod Installer-->"C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml" Star Wars(TM): Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe" -l0x15 Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubEdit - Vista WMP Patch-->"C:\Program Files\SubEdit-Player\WMP6_4\unins000.exe" SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe" Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434} Team Fortress 2-->"D:\Steam\steam.exe" steam://uninstall/440 The Sims Zwierzaki-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\Setup.exe" -l0015 Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe Tibia-->"C:\Program Files\Tibia86\unins000.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Unlimited Cabal-->MsiExec.exe /I{454070F6-2CAF-49DE-84E7-07DC177789FB} Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\" VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405} Winamp 5.58 PL-->"C:\Program Files\Winamp\UninstWA_PL.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} ======Hosts File====== 127.0.0.1 activate.adobe.com ======System event log====== Computer Name: User-Komputer Event Code: 1074 Message: Proces C:\Windows\system32\winlogon.exe (USER-KOMPUTER) zainicjował wyłączenie zasilania komputera USER-KOMPUTER w imieniu użytkownika User-Komputer\User z następującej przyczyny: Nie można odnaleźć tytułu dla tej przyczyny Kod przyczyny: 0x500ff Typ zamknięcia systemu: wyłączenie zasilania Komentarz: Record Number: 68107 Source Name: USER32 Time Written: 20101208072459.000000-000 Event Type: Informacje User: User-Komputer\User Computer Name: User-Komputer Event Code: 1074 Message: Proces Explorer.EXE zainicjował wyłączenie zasilania komputera USER-KOMPUTER w imieniu użytkownika User-Komputer\User z następującej przyczyny: Inne zadania (niezaplanowane) Kod przyczyny: 0x0 Typ zamknięcia systemu: wyłączenie zasilania Komentarz: Record Number: 68106 Source Name: USER32 Time Written: 20101208072456.000000-000 Event Type: Informacje User: User-Komputer\User Computer Name: User-Komputer Event Code: 7036 Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania. Record Number: 68105 Source Name: Service Control Manager Time Written: 20101208072244.423012-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 206 Message: Usługa Asystent zgodności programów pomyślnie wykonała inicjowanie fazy drugiej. Record Number: 68104 Source Name: Microsoft-Windows-Application-Experience Time Written: 20101208071316.993557-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: User-Komputer Event Code: 7036 Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan zatrzymania. Record Number: 68103 Source Name: Service Control Manager Time Written: 20101208071247.453867-000 Event Type: Informacje User: =====Application event log===== Computer Name: User-Komputer Event Code: 102 Message: Windows (3172) Windows: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0). Record Number: 14531 Source Name: ESENT Time Written: 20101011175800.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 1 Message: Została uruchomiona usługa łączności urządzenia z systemem Windows Mobile 2003. Record Number: 14530 Source Name: WcesComm Time Written: 20101011175755.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 1 Message: Została uruchomiona usługa łączności urządzenia z systemem Windows Mobile. Record Number: 14529 Source Name: RapiMgr Time Written: 20101011175755.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 6000 Message: Subskrybent powiadomień usługi winlogon <SessionEnv> był niedostępny i nie mógł obsłużyć zdarzenia powiadamiania. Record Number: 14528 Source Name: Microsoft-Windows-Winlogon Time Written: 20101011175753.000000-000 Event Type: Informacje User: Computer Name: User-Komputer Event Code: 4101 Message: Sprawdzono poprawność licencji systemu Windows. Record Number: 14527 Source Name: Microsoft-Windows-Winlogon Time Written: 20101011175753.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: User-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 12352 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101012162934.387220-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: USER-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x214 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 12351 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101012162934.387220-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x8f18 Record Number: 12350 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101012162934.293620-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 12349 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101012162934.215620-000 Event Type: Sukcesy inspekcji User: Computer Name: User-Komputer Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 12348 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101012162934.215620-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files;C:\Program Files\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 -----------------EOF----------------- [/log] logi z usuwania: 03212011_124532.txt [log]All processes killed ========== OTL ========== No active process named DataMngrUI.exe was found! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully. C:\Program Files\uTorrentBar\tbuTor.dll moved successfully. HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. File C:\Program Files\uTorrentBar\tbuTor.dll not found. Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename Prefs.js: "Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "BearShare Web Search" removed from browser.search.order.1 Prefs.js: "Search" removed from browser.search.selectedEngine Prefs.js: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\components folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\searchbar folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\options folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\uwa folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\modules folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\lib folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data\search folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully. C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. File C:\Program Files\uTorrentBar\tbuTor.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found. File C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. File C:\Program Files\uTorrentBar\tbuTor.dll not found. Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DataMngr deleted successfully. C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll deleted successfully. C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll moved successfully. ========== FILES ========== C:\Program Files\ConduitEngine folder moved successfully. C:\Program Files\uTorrentBar folder moved successfully. C:\Users\User\AppData\Local\TempDP2168.html moved successfully. C:\Users\User\AppData\Local\Tempdu3280.html moved successfully. C:\Users\User\AppData\Local\TempEE3280.html moved successfully. C:\Users\User\AppData\Local\TempSA3004.html moved successfully. C:\Users\User\AppData\Local\TempvC3004.html moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: User ->Temp folder emptied: 171399 bytes ->Temporary Internet Files folder emptied: 5322618 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 24033316 bytes ->Flash cache emptied: 1222 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 12946 bytes RecycleBin emptied: 313882174 bytes Total Files Cleaned = 328,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03212011_124532 Files\Folders moved on Reboot... C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1904.log moved successfully. Registry entries deleted on Reboot... [/log] Niestety po wrzuceniu skryptu dalej to samo. A w AntiMalware znalazło to: [log]Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Wersja bazy: 6132 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2011-03-22 18:01:47 mbam-log-2011-03-22 (18-01-33).txt Typ skanowania: Szybkie skanowanie Przeskanowano obiektów: 142617 Upłynęło: 3 minut(y), 9 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: c:\Windows\System32\Hosts (Trojan.Agent) -> No action taken. [/log] Z góry dzięki. Tak nawiasem mówiąc to nie robiłem już formatu prawie rok, może mam zrobić?upCO jest grane?
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.