wacek223, posted 21 July 2011

The situation is that I caught a Trojan.Dropper today; I removed a thing or two, changed a few settings and got internet access back, so I'm posting the logs, because it has surely left some remnants in the registry and probably not only there.. Oh, and I don't need parasites

OTL

[log]OTL logfile created on: 2011-07-21 22:44:37 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\J23\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,26% Memory free
3,75 Gb Paging File | 2,54 Gb Available in Paging File | 67,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,08 Gb Total Space | 12,18 Gb Free Space | 31,17% Space Free | Partition Type: NTFS
Drive D: | 109,97 Gb Total Space | 8,06 Gb Free Space | 7,33% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 6,31 Gb Free Space | 4,24% Space Free | Partition Type: NTFS

Computer Name: J23-KOMPUTER | User Name: J23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-23 10:45:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-06-23 10:45:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-06-14 13:22:52 | 009,030,656 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2011-05-26 21:50:22 | 015,147,400 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe PRC - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC 
- [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 03:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe MOD - [2011-06-03 07:59:23 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2011-05-14 08:26:31 | 000,868,352 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-01-12 21:33:36 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) SRV - [2010-12-18 11:17:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-07-23 07:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program 
Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS) SRV - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe -- (DfSdkS) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-09-08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) 
[Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-05-31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-21 22:42:07 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\navex15.sys -- (NAVEX15) DRV - [2011-07-21 22:42:07 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\naveng.sys -- (NAVENG) DRV - [2011-07-21 22:07:13 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-05-17 16:50:47 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-08-16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio) DRV - [2010-08-16 16:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio) DRV - [2010-08-09 05:11:49 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-07-29 05:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA) DRV - [2010-07-29 04:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP) DRV - [2010-07-29 04:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage 
Protection (PEL) DRV - [2010-07-13 03:20:21 | 000,294,448 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS -- (SymNetS) DRV - [2010-06-27 06:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON) DRV - [2010-06-27 06:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys -- (IDSVix86) DRV - [2010-06-14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010-06-13 12:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS) DRV - [2010-04-27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010-04-27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2010-04-27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2010-04-06 19:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2010-04-06 19:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2010-04-06 19:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus) DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009-07-14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008-08-26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-06-02 06:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500) DRV - [2005-01-31 11:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2005-01-31 11:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2004-01-23 19:34:26 | 000,037,840 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2FS) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://go.microsoft.com/fwlink/?linkid=54896 IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.startup.homepage: "google.pl" FF - user.js..browser.search.openintab: false FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\J23\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\J23\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-21 22:07:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011-07-21 22:06:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-23 10:45:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-18 01:45:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\profilinstylin\profilinstylin [2011-07-04 11:18:37 | 000,000,000 | ---D | M] [2008-09-01 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J23\AppData\Roaming\mozilla\Extensions [2008-09-01 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J23\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011-07-15 15:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions [2010-12-17 21:38:55 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C} [2011-04-07 20:09:54 | 000,000,000 | ---D | M] (Auto Hide IP) -- 
C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions\support@auto-hide-ip.com [2011-07-18 02:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-06-17 03:24:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-23 10:45:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010-12-19 10:56:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-12-21 17:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-07-18 02:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011-07-04 11:18:37 | 000,000,000 | ---D | M] (profilinstylin - Change your Facebook layout!) -- C:\PROGRAM FILES\PROFILINSTYLIN\PROFILINSTYLIN [2011-07-21 22:07:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN () (No name found) -- C:\USERS\J23\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCN2MHA1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\J23\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCN2MHA1.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI [2011-06-23 10:45:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2007-04-10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2011-07-18 02:10:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-06-06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-06 15:49:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-04-20 20:24:54 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-04-20 20:24:54 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-04-20 20:24:54 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2011-04-20 20:24:54 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-04-20 20:24:54 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-04-20 20:24:54 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-04-20 20:24:54 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (BHO_HelloWorld.BHO) - {cbfb5c65-652c-3e10-9d9a-e586816d9342} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\J23\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\J23\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-06-05 17:43:15 | 000,055,637 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{b7e78240-8095-11e0-b952-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7e78240-8095-11e0-b952-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]Auto Hide IP[/b] - hkey= - key= - C:\Program Files\AutoHideIP\AutoHideIP.exe (AutoHideIP.Com)
MsConfig - StartUpReg: [b]AutoStartNPSAgent[/b] - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Users\J23\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Windows Mobile Device Center[/b] - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: wxpdrivers - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: wxpdrivers - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-21 22:37:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe
[2011-07-21 22:07:13 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-21 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-07-21 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-07-21 22:06:51 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011-07-21 22:06:51 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011-07-21 22:06:51 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011-07-21 22:06:51 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011-07-21 22:06:51 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011-07-21 22:06:51 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011-07-21 22:06:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011-07-21 22:06:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2011-07-21 22:06:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011-07-21 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011-07-21 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011-07-21 10:02:33 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-07-21 09:54:14 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Solid State Networks
[2011-07-18 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\J23\DoctorWeb
[2011-07-18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Malwarebytes
[2011-07-18 09:41:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-18 09:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-18 09:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-18 09:41:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-18 09:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-18 02:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-07-18 02:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011-07-18 01:42:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-14 10:49:57 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727
[2011-07-13 23:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011-07-11 14:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-07-11 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-07-11 14:20:25 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Google
[2011-07-09 22:58:49 | 000,955,070 | ---- | C] (Informer Technologies, Inc. ) -- C:\Users\J23\Desktop\siinst.exe
[2011-07-07 21:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-07-07 21:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-07-07 21:33:21 | 000,000,000 | ---D | C] -- C:\ATI
[2011-07-07 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\18 WoS Haulin
[2011-07-07 20:39:14 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel Haulin
[2011-07-07 20:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel Haulin
[2011-07-07 20:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel Haulin
[2011-07-07 19:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Truck
[2011-07-07 19:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Truck
[2011-07-06 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2011-07-06 15:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011-07-06 08:05:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-07-05 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2011-07-05 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\furry2final
[2011-07-04 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\profilinstylin
[2011-07-03 22:25:30 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\Firmware-Avila-SAMSUNG-Niebrandowany
[2011-07-03 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\NPS
[2011-07-03 21:40:37 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My Art
[2011-07-03 21:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2011-07-03 21:35:06 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2011-07-03 21:35:06 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2011-07-03 21:35:06 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2011-07-03 21:35:06 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2011-07-03 21:35:06 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2011-07-03 21:35:06 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2011-07-03 21:35:06 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2011-07-03 21:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011-07-03 21:33:47 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011-07-03 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Samsung
[2011-07-03 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My NPS Files
[2011-07-03 21:33:16 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\Samsung
[2011-07-03 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011-07-03 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011-07-03 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Downloaded Installations
[2011-07-02 20:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2011-07-02 20:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2011-07-02 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2011-07-02 20:34:57 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My ISO Files
[2011-07-02 14:49:02 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\Furry_www.victorygames.pl
[2011-06-29 11:54:02 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-06-29 11:54:01 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-06-29 11:53:59 | 000,103,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2011-06-29 11:53:40 | 000,194,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2011-06-29 11:53:39 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-06-29 11:53:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-06-29 11:53:38 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-06-29 11:53:38 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-06-29 11:53:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-06-29 11:53:09 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-06-27 10:07:02 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011-06-17 03:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-06-17 03:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-06-16 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\K550
[2011-06-15 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\aerix
[2011-06-14 22:07:07 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\GTA San Andreas User Files
[2011-06-14 21:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011-06-14 21:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2011-06-12 18:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[2011-06-12 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Win7codecs
[2011-06-12 18:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Win7codecs
[2011-06-06 21:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-06-05 17:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa 6
[2011-06-05 17:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\AutoMapa EU
[2011-06-02 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011-06-02 20:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-02-03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-21 22:49:55 | 003,407,872 | -HS- | M] () -- C:\Users\J23\NTUSER.DAT
[2011-07-21 22:37:53 | 000,781,383 | ---- | M] () -- C:\Users\J23\Desktop\RSIT.exe
[2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe
[2011-07-21 22:20:33 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-21 22:20:33 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-21 22:12:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-07-21 22:12:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-21 22:11:17 | 001,307,216 | -H-- | M] () -- C:\Users\J23\AppData\Local\IconCache.db
[2011-07-21 22:08:12 | 001,346,572 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011-07-21 22:07:13 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-21 22:07:13 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011-07-21 22:07:13 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011-07-21 22:07:01 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011-07-21 10:02:48 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security v6.0.1000 [PL] Crack
[2011-07-20 14:18:07 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2011-07-20 11:00:05 | 000,249,340 | ---- | M] () -- C:\Users\J23\Documents\Default.aimppl
[2011-07-19 23:22:41 | 001,558,380 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-07-19 23:22:41 | 000,701,022 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-07-19 23:22:41 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-19 23:22:41 | 000,136,040 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-07-19 23:22:41 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-18 09:55:52 | 071,473,048 | ---- | M] () -- C:\Users\J23\Desktop\launch.exe
[2011-07-18 09:41:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-18 02:12:15 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-07-18 01:45:29 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-07-16 23:36:52 | 000,308,870 | ---- | M] () -- C:\Users\J23\Desktop\Digital_Chocolate_-_Tower_Bloxx_Deluxe_3D_SE_176x220.jar [2011-07-16 23:32:19 | 000,191,000 | ---- | M] () -- C:\Users\J23\Desktop\Digital.Chocolate.-.Tower.Bloxx.SE.176x220.jar [2011-07-14 08:34:57 | 003,761,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-13 11:28:16 | 000,002,349 | ---- | M] () -- C:\Users\J23\Desktop\Google Chrome.lnk [2011-07-11 14:51:07 | 000,048,666 | ---- | M] () -- C:\Users\J23\Desktop\screen.jpg [2011-07-11 14:06:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011-07-11 11:59:55 | 048,062,655 | ---- | M] () -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727.rar [2011-07-09 22:58:51 | 000,955,070 | ---- | M] (Informer Technologies, Inc. ) -- C:\Users\J23\Desktop\siinst.exe [2011-07-08 21:04:06 | 004,096,449 | ---- | M] () -- C:\Users\J23\Desktop\Tina Turner - We Don T Need Another Hero.mp3 [2011-07-08 20:52:31 | 004,575,013 | ---- | M] () -- C:\Users\J23\Desktop\weekend - ona i on.mp3 [2011-07-08 20:24:04 | 003,825,194 | ---- | M] () -- C:\Users\J23\Desktop\w.b.u - zepsuty świat.mp3 [2011-07-08 20:15:47 | 003,943,206 | ---- | M] () -- C:\Users\J23\Desktop\Bloodhound Gang - The bad touch.mp3 [2011-07-08 20:10:18 | 001,914,044 | ---- | M] () -- C:\Users\J23\Desktop\La Bouche - Be My Lover.mp3 [2011-07-08 15:46:44 | 000,022,528 | ---- | M] () -- C:\Users\J23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-07 20:39:14 | 000,001,028 | ---- | M] () -- C:\Users\J23\Desktop\18 Wheels of Steel Haulin.lnk [2011-07-07 19:55:46 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Hard Truck 18 Wheels of Steel.lnk [2011-07-07 19:53:40 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2011-07-07 19:53:40 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 
000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-06 15:30:18 | 000,000,921 | ---- | M] () -- C:\Users\J23\Desktop\nLite.lnk [2011-07-06 08:29:59 | 004,660,904 | ---- | M] () -- C:\Users\J23\Desktop\rtlsetup-pcie(664).zip [2011-07-06 08:29:22 | 000,001,332 | ---- | M] () -- C:\Users\J23\Desktop\ich8smb.zip [2011-07-06 08:26:59 | 000,173,089 | ---- | M] () -- C:\Users\J23\Desktop\winxp.rar [2011-07-05 23:47:11 | 000,000,965 | ---- | M] () -- C:\Users\J23\Desktop\UltraISO.lnk [2011-07-05 11:46:11 | 011,529,842 | ---- | M] () -- C:\Users\J23\Desktop\furry2final.zip [2011-07-05 11:43:24 | 000,000,014 | ---- | M] () -- C:\Windows\cfh232.cfg [2011-07-05 11:43:23 | 000,000,016 | ---- | M] () -- C:\Windows\furry.ini [2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011-07-04 13:37:33 | 000,103,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011-07-04 13:36:18 | 000,194,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011-07-03 23:08:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-07-03 23:05:06 | 000,411,095 | ---- | M] () -- 
C:\Users\J23\Desktop\Diamond Twister.jar [2011-07-03 21:48:06 | 000,929,792 | ---- | M] () -- C:\Users\J23\Desktop\Phonebook.npf [2011-07-03 21:36:05 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2011-07-03 21:20:25 | 173,838,160 | ---- | M] () -- C:\Users\J23\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2011-07-03 17:41:08 | 003,561,044 | ---- | M] () -- C:\Users\J23\Desktop\Enej - Radio Hello.mp3 [2011-06-29 16:02:11 | 001,806,892 | ---- | M] () -- C:\Users\J23\Desktop\FW-WAP4035v120.zip [2011-06-29 16:01:52 | 000,938,447 | ---- | M] () -- C:\Users\J23\Desktop\WAP-4033-4035 02.2006.pdf [2011-06-27 10:07:02 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011-06-24 12:48:46 | 000,211,473 | R--- | M] () -- C:\Users\J23\Desktop\QUG-Planet.pdf [2011-06-24 11:53:26 | 000,112,553 | ---- | M] () -- C:\Users\J23\Desktop\ulotka_planet.pdf [2011-06-24 11:53:20 | 000,938,447 | ---- | M] () -- C:\Users\J23\Desktop\WAP-4033-4035_02.2006.pdf [2011-06-17 11:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk [2011-06-17 11:16:47 | 006,054,799 | ---- | M] () -- C:\Users\J23\Desktop\aimp_3.00.881_beta_2.zip [2011-06-17 03:23:45 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-16 09:44:23 | 020,029,812 | ---- | M] () -- C:\Users\J23\Desktop\k550.rar [2011-06-11 20:12:55 | 000,000,977 | ---- | M] () -- C:\Users\J23\Desktop\ALLPlayer V4.6.lnk [2011-06-05 16:04:47 | 000,191,488 | ---- | M] () -- C:\Users\J23\Desktop\magia kart.pps [2011-06-02 20:59:05 | 003,790,921 | ---- | M] () -- C:\Users\J23\Desktop\aycan - lambada dj matt g remix rip.mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-21 22:37:52 | 000,781,383 | ---- | C] () -- C:\Users\J23\Desktop\RSIT.exe [2011-07-21 22:07:17 | 001,346,572 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB [2011-07-21 22:07:13 | 000,007,456 | ---- | C] () -- 
C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-21 22:07:13 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-21 22:07:01 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-21 22:06:39 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf [2011-07-21 22:06:39 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf [2011-07-21 22:06:39 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf [2011-07-21 22:06:39 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf [2011-07-21 22:06:39 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf [2011-07-21 22:06:39 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf [2011-07-21 22:06:29 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat [2011-07-21 22:06:29 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat [2011-07-21 22:06:29 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat [2011-07-21 22:06:29 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat [2011-07-21 22:06:29 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat [2011-07-21 22:06:29 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat [2011-07-21 22:06:29 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini [2011-07-21 10:02:48 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Avast Internet Security v6.0.1000 [PL] Crack [2011-07-18 09:51:03 | 071,473,048 | ---- | C] () -- C:\Users\J23\Desktop\launch.exe [2011-07-18 09:41:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-18 09:30:40 | 000,001,421 | ---- | C] 
() -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011-07-18 02:12:15 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-07-18 01:45:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-07-18 01:45:29 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-07-16 23:36:51 | 000,308,870 | ---- | C] () -- C:\Users\J23\Desktop\Digital_Chocolate_-_Tower_Bloxx_Deluxe_3D_SE_176x220.jar [2011-07-16 23:32:10 | 000,191,000 | ---- | C] () -- C:\Users\J23\Desktop\Digital.Chocolate.-.Tower.Bloxx.SE.176x220.jar [2011-07-11 14:51:07 | 000,048,666 | ---- | C] () -- C:\Users\J23\Desktop\screen.jpg [2011-07-11 14:22:17 | 000,002,349 | ---- | C] () -- C:\Users\J23\Desktop\Google Chrome.lnk [2011-07-11 11:56:07 | 048,062,655 | ---- | C] () -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727.rar [2011-07-08 21:00:41 | 004,096,449 | ---- | C] () -- C:\Users\J23\Desktop\Tina Turner - We Don T Need Another Hero.mp3 [2011-07-08 20:49:05 | 004,575,013 | ---- | C] () -- C:\Users\J23\Desktop\weekend - ona i on.mp3 [2011-07-08 20:23:53 | 003,825,194 | ---- | C] () -- C:\Users\J23\Desktop\w.b.u - zepsuty świat.mp3 [2011-07-08 20:15:37 | 003,943,206 | ---- | C] () -- C:\Users\J23\Desktop\Bloodhound Gang - The bad touch.mp3 [2011-07-08 20:10:11 | 001,914,044 | ---- | C] () -- C:\Users\J23\Desktop\La Bouche - Be My Lover.mp3 [2011-07-07 20:39:14 | 000,001,028 | ---- | C] () -- C:\Users\J23\Desktop\18 Wheels of Steel Haulin.lnk [2011-07-07 19:55:46 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Hard Truck 18 Wheels of Steel.lnk [2011-07-07 19:53:36 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2011-07-07 19:53:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011-07-06 15:30:18 | 000,000,921 | ---- | C] () -- C:\Users\J23\Desktop\nLite.lnk [2011-07-06 08:29:28 | 004,660,904 | ---- | C] () -- 
C:\Users\J23\Desktop\rtlsetup-pcie(664).zip [2011-07-06 08:29:21 | 000,001,332 | ---- | C] () -- C:\Users\J23\Desktop\ich8smb.zip [2011-07-06 08:26:57 | 000,173,089 | ---- | C] () -- C:\Users\J23\Desktop\winxp.rar [2011-07-05 11:42:46 | 011,529,842 | ---- | C] () -- C:\Users\J23\Desktop\furry2final.zip [2011-07-04 14:02:37 | 001,307,216 | -H-- | C] () -- C:\Users\J23\AppData\Local\IconCache.db [2011-07-03 23:08:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-07-03 23:05:01 | 000,411,095 | ---- | C] () -- C:\Users\J23\Desktop\Diamond Twister.jar [2011-07-03 21:47:59 | 000,929,792 | ---- | C] () -- C:\Users\J23\Desktop\Phonebook.npf [2011-07-03 21:36:05 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2011-07-03 21:33:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011-07-03 21:33:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011-07-03 21:33:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sy_ [2011-07-03 20:33:07 | 173,838,160 | ---- | C] () -- C:\Users\J23\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2011-07-03 17:40:21 | 003,561,044 | ---- | C] () -- C:\Users\J23\Desktop\Enej - Radio Hello.mp3 [2011-07-02 20:35:01 | 000,000,965 | ---- | C] () -- C:\Users\J23\Desktop\UltraISO.lnk [2011-07-02 15:02:29 | 000,000,014 | ---- | C] () -- C:\Windows\cfh232.cfg [2011-07-02 14:49:22 | 000,000,016 | ---- | C] () -- C:\Windows\furry.ini [2011-06-29 16:02:10 | 001,806,892 | ---- | C] () -- C:\Users\J23\Desktop\FW-WAP4035v120.zip [2011-06-29 16:01:49 | 000,938,447 | ---- | C] () -- C:\Users\J23\Desktop\WAP-4033-4035 02.2006.pdf [2011-06-28 14:04:45 | 000,249,340 | ---- | C] () -- C:\Users\J23\Documents\Default.aimppl [2011-06-24 12:54:17 | 000,211,473 | R--- | C] () -- C:\Users\J23\Desktop\QUG-Planet.pdf [2011-06-24 11:53:26 | 000,112,553 | ---- | C] () -- C:\Users\J23\Desktop\ulotka_planet.pdf [2011-06-24 11:53:20 | 
000,938,447 | ---- | C] () -- C:\Users\J23\Desktop\WAP-4033-4035_02.2006.pdf [2011-06-17 11:16:19 | 006,054,799 | ---- | C] () -- C:\Users\J23\Desktop\aimp_3.00.881_beta_2.zip [2011-06-17 03:23:45 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-16 09:42:26 | 020,029,812 | ---- | C] () -- C:\Users\J23\Desktop\k550.rar [2011-06-12 12:06:44 | 008,400,344 | ---- | C] () -- C:\Users\J23\Desktop\Benny Benassi-Satistaction.wav [2011-06-12 12:06:41 | 006,832,984 | ---- | C] () -- C:\Users\J23\Desktop\1082725003182_morwa_to_dla_sluchaczy.wmv [2011-06-11 20:12:55 | 000,000,977 | ---- | C] () -- C:\Users\J23\Desktop\ALLPlayer V4.6.lnk [2011-06-06 21:27:31 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-06-05 16:04:42 | 000,191,488 | ---- | C] () -- C:\Users\J23\Desktop\magia kart.pps [2011-06-02 20:55:58 | 003,790,921 | ---- | C] () -- C:\Users\J23\Desktop\aycan - lambada dj matt g remix rip.mp3 [2011-04-28 20:22:43 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat [2011-04-28 20:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011-04-28 20:14:29 | 000,000,028 | ---- | C] () -- C:\ProgramData\GRGames.ini [2011-04-20 20:16:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011-04-20 20:14:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011-04-20 20:14:51 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011-04-18 19:53:58 | 000,037,840 | ---- | C] () -- C:\Windows\System32\drivers\ext2fs.sys [2011-04-18 19:08:30 | 000,000,192 | ---- | C] () -- C:\Windows\AWS.ini [2011-04-16 16:34:15 | 000,431,672 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2011-04-08 19:08:23 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2011-03-21 18:34:32 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-03-07 16:36:57 | 000,000,000 | ---- | C] () -- C:\Users\J23\AppData\Roaming\chrtmp [2011-01-26 16:56:49 | 000,000,010 | ---- | C] () 
-- C:\Windows\popcinfo.dat [2011-01-21 07:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011-01-12 21:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2010-12-25 21:49:19 | 000,022,528 | ---- | C] () -- C:\Users\J23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-24 13:27:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010-12-18 19:42:09 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2010-12-18 19:42:08 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2010-12-18 19:42:07 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2010-04-06 19:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2009-07-14 10:07:57 | 000,701,022 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 10:07:57 | 000,136,040 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 003,761,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:04:23 | 000,001,696 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat 
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- 
C:\Windows\System32\NTDOS412.SYS [2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008-09-01 22:45:21 | 000,109,216 | ---- | C] () -- C:\Users\J23\AppData\Local\GDIPFONTCACHEV1.DAT [2008-09-01 21:45:19 | 001,558,380 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008-01-01 21:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008-01-01 21:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2005-01-31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [color=#E56717]========== LOP Check ==========[/color] [2011-06-15 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\aerix [2011-07-20 11:01:57 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\AIMP3 [2011-04-07 
20:09:20 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\AutoHideIP [2010-12-25 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\BESTplayer [2011-04-28 20:45:22 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\BITS [2011-03-07 16:37:38 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Blitware [2011-01-10 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\DAEMON Tools Lite [2011-03-02 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\EMCO [2011-06-27 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\EurekaLog [2011-04-28 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\FlashGet [2011-04-28 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\FlashGetBHO [2011-02-11 21:34:52 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Gadu-Gadu 10 [2011-04-28 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\GetRight [2010-12-17 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\GHISLER [2011-06-10 00:06:25 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\ipla [2011-01-27 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\IrfanView [2010-12-25 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\LolClient [2011-03-30 19:28:52 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Miranda [2010-12-24 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\OpenFM [2011-06-10 22:39:37 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\RDRM [2011-07-03 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Samsung [2011-04-28 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Tific [2010-12-24 13:13:31 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Tlen.pl [2011-06-12 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Win7codecs [2011-04-22 21:54:28 | 000,032,590 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-03-30 09:00:33 | 000,010,138 | ---- | M] () -- C:\aaw7boot.log [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011-06-05 17:43:15 | 000,055,637 | ---- | M] () -- C:\AutoMapaSetupLog.txt [2010-11-20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2008-01-01 21:31:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010-12-17 19:53:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-12-17 19:53:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-07-21 22:12:40 | 2011,684,864 | -HS- | M] () -- C:\pagefile.sys [2011-04-18 20:24:59 | 000,012,283 | ---- | M] () -- C:\TREEINFO.NCD [2008-09-01 21:39:48 | 000,171,136 | RHS- | M] () -- C:\W7LDR [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- 
| M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- 
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< End of report >
[/log]
Extras
[log]OTL Extras logfile created on: 2011-07-21 22:44:37 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\J23\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 52,26% Memory free
3,75 Gb Paging File | 2,54 Gb Available in Paging File | 67,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,08 Gb Total Space | 12,18 Gb Free Space | 31,17% Space Free | Partition Type: NTFS
Drive D: | 109,97 Gb Total Space | 8,06 Gb Free Space | 7,33% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 6,31 Gb Free Space | 4,24% Space Free | Partition Type: NTFS

Computer Name: J23-KOMPUTER | User Name: J23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Users\J23\Downloads\Flash-Player.exe" = C:\Users\J23\Downloads\Flash-Player.exe:*:Enabled:C:\Users\J23\Downloads\Flash-Player.exe
"C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe
"C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881C69F2-3861-4F18-BA0D-9B742C5E44FF}" = Voice Twister
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"18 Wheels of Steel Haulin" = 18 Wheels of Steel Haulin
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP3" = AIMP3
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.04
"Audacity_is1" = Audacity 1.2.6
"AutoHideIP" = Auto Hide IP
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gadu-Gadu 10" = Gadu-Gadu 10
"GOM Player" = GOM Player
"Hard Truck 18 Wheels of Steel" = Hard Truck 18 Wheels of Steel
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"ipla" = ipla 2.2.1
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NIS" = Norton Internet Security
"nLite_is1" = nLite 1.4.9.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Profilin Stylin" = Profilin Stylin
"Super Kulki_is1" = Super Kulki
"Tlen.pl" = Tlen.pl
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.36
"WinRAR archiver" = Archiwizator WinRAR
"WMV To VCD DVD MPEG Converter Pro_is1" = WMV To VCD DVD MPEG Converter Pro 2.5
"Zuma Deluxe RA" = Zuma Deluxe RA

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
[/log]
RSIT log
[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by J23 at 2011-07-21 22:57:51
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 12 GB (31%) free of 40 GB
Total RAM: 1918 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:01, on 2011-07-21
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\J23\Desktop\RSIT.exe
C:\Program Files\trend micro\J23.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: BHO_HelloWorld.BHO - {cbfb5c65-652c-3e10-9d9a-e586816d9342} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{216FEFBE-B5D5-4B2D-BA8C-49C71DFFF041}: NameServer = 192.168.2.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E1BD89-5858-4A05-B4C5-AC5604EAB63B}: NameServer = 192.168.2.254,192.168.9.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE57A4E7-F404-4747-B354-815ECC05C7A3}: NameServer = 192.168.2.254,192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{216FEFBE-B5D5-4B2D-BA8C-49C71DFFF041}: NameServer = 192.168.2.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{216FEFBE-B5D5-4B2D-BA8C-49C71DFFF041}: NameServer = 192.168.2.1,194.204.152.34
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 7284 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\J23\AppData\Roaming\Mozilla\Firefox\Profiles\hcn2mha1.default
prefs.js - "browser.startup.homepage" - "google.pl"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\J23\AppData\Roaming\Mozilla\Firefox\Profiles\hcn2mha1.default\extensions\
support@auto-hide-ip.com
{9D6218B8-03C7-4b91-AA43-680B305DD35C}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14 423792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13 80248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbfb5c65-652c-3e10-9d9a-e586816d9342}]
BHO_HelloWorld.BHO - C:\Windows\system32\mscoree.dll [2010-11-05 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
IplexToALLPlayer - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL [2011-02-09 400384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14 423792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-05-26 15147400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
C:\Program Files\ALLPlayer\ALLUpdate.exe [2011-02-08 1362944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
C:\Program Files\AutoHideIP\AutoHideIP.exe [2011-03-29 3737840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\J23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=0
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Users\J23\Downloads\Flash-Player.exe"="C:\Users\J23\Downloads\Flash-Player.exe:*:Enabled:C:\Users\J23\Downloads\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\services32.exe"="C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-21 22:57:51 ----D---- C:\rsit
2011-07-21 22:07:13 ----D---- C:\Program Files\Symantec
2011-07-21 22:07:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-21 22:07:13 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2011-07-21 22:06:29 ----D---- C:\Windows\system32\drivers\NIS
2011-07-21 22:06:26 ----D---- C:\Program Files\Norton Internet Security
2011-07-21 22:05:53 ----D---- C:\Program Files\NortonInstaller
2011-07-21 10:02:33 ----D---- C:\Windows\av_ico
2011-07-21 09:50:13 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 09:50:13 ----A---- C:\Windows\winlog-dirs.txt
2011-07-18 23:35:37 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-18 23:35:37 ----A---- C:\Windows\system32\iertutil.dll
2011-07-18 23:35:36 ----A---- C:\Windows\system32\jscript9.dll
2011-07-18 23:35:36 ----A---- C:\Windows\system32\jscript.dll
2011-07-18 23:35:36 ----A---- C:\Windows\system32\ieui.dll
2011-07-18 23:35:34 ----A---- C:\Windows\system32\mshtml.dll
2011-07-18 23:35:34 ----A---- C:\Windows\system32\ieframe.dll
2011-07-18 23:35:33 ----A---- C:\Windows\system32\urlmon.dll
2011-07-18 09:41:18 ----D---- C:\Users\J23\AppData\Roaming\Malwarebytes
2011-07-18 09:41:07 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-18 09:41:06 ----D---- C:\ProgramData\Malwarebytes
2011-07-18 09:41:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-18 09:41:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-18 02:12:15 ----A---- C:\Windows\system32\wininet.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\wextract.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\webcheck.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\vbscript.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\url.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\pngfilt.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\occache.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\msrating.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\msls31.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\mshtmler.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\mshta.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\inseng.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\imgutil.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iexpress.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieUnatt.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iesysprep.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iesetup.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iernonce.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iepeers.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieapfltr.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieapfltr.dat
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieakui.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieaksie.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ieakeng.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\ie4uinit.exe
2011-07-18 02:12:15 ----A---- C:\Windows\system32\icardie.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\dxtrans.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\dxtmsft.dll
2011-07-18 02:12:15 ----A---- C:\Windows\system32\admparse.dll
2011-07-18 02:10:58 ----D---- C:\Program Files\Common Files\Java
2011-07-18 02:10:34 ----D---- C:\Program Files\Sun
2011-07-18 02:10:25 ----A---- C:\Windows\system32\javaws.exe
2011-07-18 02:10:25 ----A---- C:\Windows\system32\javaw.exe
2011-07-18 02:10:25 ----A---- C:\Windows\system32\java.exe
2011-07-18 01:42:38 ----SHD---- C:\Config.Msi
2011-07-13 23:31:01 ----D---- C:\Program Files\MSXML 4.0
2011-07-13 11:36:29 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 11:36:29 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 11:36:29 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 11:36:20 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 11:36:18 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 11:36:17 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 11:36:16 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 11:36:16 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 11:36:16 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 11:36:16 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 11:36:16 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 11:36:08 ----A---- C:\Windows\system32\win32k.sys
2011-07-11 14:58:17 ----D---- C:\Program Files\trend micro
2011-07-07 21:34:22 ----D---- C:\Program Files\ATI Technologies
2011-07-07 21:34:19 ----D---- C:\Program Files\ATI
2011-07-07 21:33:21 ----D---- C:\ATI
2011-07-07 20:42:17 ----A---- C:\Windows\system32\xinput1_3.dll
2011-07-07 20:42:17 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-07-07 20:42:17 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-07-07 20:42:17 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-07-07 20:42:16 ----A---- C:\Windows\system32\xinput1_2.dll
2011-07-07 20:42:16 ----A---- C:\Windows\system32\xinput1_1.dll
2011-07-07 20:42:16 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-07-07 20:42:16 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-07-07 20:42:15 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-07-07 20:42:08 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-07-07 20:42:08 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-07-07 20:42:08 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-07-07 20:42:07 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-07-07 20:42:07 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-07-07 20:42:07 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-07-07 20:42:06 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-07-07 20:42:06 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-07-07 20:38:18 ----D---- C:\Program Files\18 Wheels of Steel Haulin
2011-07-07 19:55:29 ----D---- C:\Program Files\Hard Truck
2011-07-06 15:30:17 ----D---- C:\Program Files\nLite
2011-07-06 08:05:51 ----D---- C:\Windows\Minidump
2011-07-05 23:47:01 ----D---- C:\Program Files\Temp
2011-07-04 11:18:35 ----D---- C:\Program Files\profilinstylin
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bwhnt.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bwh.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bmdm.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bmdfl.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bcmnt.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bcm.sys
2011-07-03 21:35:06 ----A---- C:\Windows\system32\drivers\ss_bbus.sys
2011-07-03 21:34:17 ----D---- C:\ProgramData\Samsung
2011-07-03 21:33:47 ----A---- C:\Windows\system32\FsUsbExService.Exe
2011-07-03 21:33:47 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2011-07-03 21:33:47 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2011-07-03 21:33:27 ----D---- C:\Users\J23\AppData\Roaming\Samsung
2011-07-03 21:32:42 ----D---- C:\Program Files\MarkAny
2011-07-03 21:32:15 ----D---- C:\Program Files\Samsung
2011-07-02 20:35:00 ----D---- C:\Program Files\Common Files\EZB Systems
2011-07-02 20:34:57 ----D---- C:\Program Files\UltraISO
2011-07-02 14:49:22 ----A---- C:\Windows\furry.ini
2011-06-29 11:59:59 ----A---- C:\Windows\ntbtlog.txt
2011-06-29 11:54:02 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-06-29 11:54:01 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-06-29 11:53:59 ----A---- C:\Windows\system32\drivers\aswFW.sys
2011-06-29 11:53:40 ----A---- C:\Windows\system32\drivers\aswNdis2.sys
2011-06-29 11:53:39 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-06-29 11:53:39 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-06-29 11:53:38 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-06-29 11:53:38 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-06-29 11:53:09 ----A---- C:\Windows\system32\aswBoot.exe
2011-06-29 11:53:09 ----A---- C:\Windows\avastSS.scr
2011-06-28 20:39:27 ----A---- C:\Windows\system32\tquery.dll
2011-06-28 20:39:27 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-28 20:39:27 ----A---- C:\Windows\system32\mssrch.dll
2011-06-28 20:39:26 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-28 20:39:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-28 20:39:26 ----A---- C:\Windows\system32\mssvp.dll
2011-06-28 20:39:26 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-28 20:39:26 ----A---- C:\Windows\system32\mssph.dll
2011-06-28 20:39:25 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-28 20:39:24 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-27 10:07:02 ----A---- C:\Windows\system32\CmdLineExt.dll

======List of files/folders modified in the last 1 month======

2011-07-21 22:57:54 ----D---- C:\Windows\Temp
2011-07-21 22:54:29 ----D---- C:\Users\J23\AppData\Roaming\Skype
2011-07-21 22:28:10 ----D---- C:\Windows\system32\config
2011-07-21 22:17:18 ----D---- C:\Windows\system32\drivers
2011-07-21 22:14:26 ----D---- C:\Windows\system32\DriverStore
2011-07-21 22:14:26 ----D---- C:\Windows\system32\catroot
2011-07-21 22:14:25 ----D---- C:\Windows\inf
2011-07-21 22:08:28 ----D---- C:\Windows\Prefetch
2011-07-21 22:07:37 ----D---- C:\Windows\system32\Tasks
2011-07-21 22:07:17 ----SHD---- C:\System Volume Information
2011-07-21 22:07:13 ----RD---- C:\Program Files
2011-07-21 22:07:13 ----D---- C:\Program Files\Common Files
2011-07-21 22:06:26 ----D---- C:\ProgramData\Norton
2011-07-21 22:06:20 ----D---- C:\ProgramData\NortonInstaller
2011-07-21 22:01:56 ----D---- C:\Windows
2011-07-21 13:47:44 ----D---- C:\Program Files\ATI Reality
2011-07-21 10:09:42 ----D---- C:\Windows\Vss
2011-07-21 10:01:09 ----HD---- C:\ProgramData
2011-07-20 11:01:57 ----D---- C:\Users\J23\AppData\Roaming\AIMP3
2011-07-19 23:22:41 ----D---- C:\Windows\System32
2011-07-19 23:22:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-19 10:17:27 ----D---- C:\Windows\winsxs
2011-07-19 10:16:52 ----D---- C:\Program Files\Internet Explorer
2011-07-18 14:39:56 ----D---- C:\Windows\rescache
2011-07-18 14:13:45 ----D---- C:\Windows\system32\NDF
2011-07-18 02:14:00 ----D---- C:\Windows\system32\pl-PL
2011-07-18 02:13:59 ----D---- C:\Windows\system32\migration
2011-07-18 02:13:59 ----D---- C:\Windows\system32\en-US
2011-07-18 02:13:59 ----D---- C:\Windows\PolicyDefinitions
2011-07-18 02:13:14 ----D---- C:\Windows\servicing
2011-07-18 02:13:14 ----D---- C:\Windows\Logs
2011-07-18 02:13:01 ----D---- C:\Windows\system32\catroot2
2011-07-18 02:10:59 ----SHD---- C:\Windows\Installer
2011-07-18 02:10:19 ----A---- C:\Windows\system32\deployJava1.dll
2011-07-18 02:09:26 ----D---- C:\Program Files\Java
2011-07-18 01:45:28 ----D---- C:\Program Files\Common Files\Adobe
2011-07-18 01:45:25 ----D---- C:\ProgramData\Adobe
2011-07-18 01:45:24 ----D---- C:\Program Files\Adobe
2011-07-16 12:37:16 ----SD---- C:\Users\J23\AppData\Roaming\Microsoft
2011-07-15 15:19:47 ----D---- C:\Windows\Tasks
2011-07-13 23:31:29 ----D---- C:\Windows\debug
2011-07-13 23:31:27 ----A---- C:\Windows\system32\MRT.exe
2011-07-10 21:43:21 ----D---- C:\ProgramData\OpenFM
2011-07-07 20:42:15 ----RSD---- C:\Windows\assembly
2011-07-07 15:10:21 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-07-03 23:08:09 ----D---- C:\Windows\system32\drivers\UMDF
2011-07-03 21:33:18 ----D---- C:\Windows\SoftwareDistribution
2011-07-03 21:33:06 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-29 03:16:18 ----RSD---- C:\Windows\Fonts
2011-06-27 22:53:59 ----D---- C:\Program Files\Counter-Strike
2011-06-27 21:09:26 ----D---- C:\Users\J23\AppData\Roaming\EurekaLog
2011-06-25 07:55:23 ----D---- C:\Windows\Microsoft.NET
2011-06-23 10:45:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-17 431672]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]
R0 Ultra;Ultra; C:\Windows\system32\DRIVERS\ultra.sys [2002-05-03 41280]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys [2010-06-27 344112]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS [2010-07-29 50096]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS [2010-07-13 294448]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-14 4194816]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\NAVENG.SYS [2011-07-21 86008]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110721.003\NAVEX15.SYS [2011-07-21 1542392]
R3 RT2500;RT2500 Wireless Driver; C:\Windows\system32\DRIVERS\RT2500.sys [2006-06-02 236800]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS [2010-07-29 489008]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-07-21 126512]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Sterownik filtru magistrali AGP AMD; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2010-04-06 25864]
S3 cpu;cpu; \??\C:\cpu.sys []
S3 Ext2FS;Ext2FS; C:\Windows\system32\drivers\Ext2FS.sys [2004-01-23 37840]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2010-04-06 23048]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-01-31 22016]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-08-16 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-08-16 11104]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr magistrali AGP SIS; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr magistrali AGP VIA; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;Sterownik WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S4 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [2009-08-24 406016]
S4 KMService;KMService; C:\Windows\system32\srvany.exe [2011-01-12 8192]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S4 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------
[/log]

info

[log]info.txt logfile of random's system information tool 1.09 2011-07-21 22:58:06

======Uninstall list======

18 Wheels of Steel Haulin-->C:\PROGRA~1\18WHEE~1\UNWISE.EXE C:\PROGRA~1\18WHEE~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Creative Suite 5 Master Collection-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
AIMP3-->C:\Program Files\AIMP3\Uninstall.exe
Aktualizacja dla programu Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0415-0000-0000000FF1CE}" "{0F03EE57-6776-4ADA-99CF-ECA4B81BC5E0}" "1045" "0"
ALLConverter PRO 1.1-->"C:\Program Files\ALLConverter PRO\unins000.exe"
ALLPlayer V4.X-->"C:\Program Files\ALLPlayer\unins000.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ashampoo WinOptimizer 8 v.8.04-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\unins000.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auto Hide IP-->"C:\Program Files\AutoHideIP\uninst.exe"
avast! Internet Security-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}" "1045" "0"
Driver Robot-->"C:\Program Files\Driver Robot\2.5.3.0\unins000.exe"
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hard Truck 18 Wheels of Steel-->C:\PROGRA~1\HARDTR~1\UNWISE.EXE C:\PROGRA~1\HARDTR~1\INSTALL.LOG
ipla 2.2.1-->C:\Program Files\ipla\uninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java DB 10.6.2.1-->MsiExec.exe /X{73EC658D-A1C6-40CA-8E86-E05821BAACE7}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Java(TM) SE Development Kit 6 Update 26-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160260}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Malwarebytes' Anti-Malware wersja 1.51.1.1800-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Polish) 2010-->MsiExec.exe /X{90140000-0015-0415-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2010-->MsiExec.exe /X{90140000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2010-->MsiExec.exe /X{90140000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2010-->MsiExec.exe /X{90140000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2010-->MsiExec.exe /X{90140000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2010-->MsiExec.exe /X{90140000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2010-->MsiExec.exe /X{90140000-0018-0415-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2010-->MsiExec.exe /X{90140000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2010-->MsiExec.exe /X{90140000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2010-->MsiExec.exe /X{90140000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2010-->MsiExec.exe /X{90140000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2010-->MsiExec.exe /X{90140000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MiniTool Partition Wizard Home Edition 5.2-->"C:\Program Files\MiniTool Partition Wizard Home Edition 5.2\unins000.exe"
Mozilla Firefox 5.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.1.0.37\InstStub.exe /X
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{83258E90-1F76-4E13-9F60-A0F8ED41E76F}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Profilin Stylin -->C:\Program Files\profilinstylin\profilinstylin_Uninstall.exe
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2523021)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{AA9E4C48-857D-4558-A4F4-343CA7680277}" "1045" "0"
Security Update for Microsoft InfoPath 2010 (KB2510065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3C6C6854-EB6B-455C-B0A6-9871F0538028}" "1045" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1045" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1045" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1045" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1045" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1045" "0"
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Super Kulki-->"C:\Program Files\Super Kulki\unins000.exe"
System Requirements Lab CYRI-->MsiExec.exe /I{679F739E-5C76-4A41-B562-F9392156B6DD}
Tlen.pl-->"C:\Program Files\Tlen.pl\uninstall.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
UltraISO Premium V9.36-->"C:\Program Files\UltraISO\unins000.exe"
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1045" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1045" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1045" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1045" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1045" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1045" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1045" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1045" "0"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Voice Twister-->MsiExec.exe /I{881C69F2-3861-4F18-BA0D-9B742C5E44FF}
WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WMV To VCD DVD MPEG Converter Pro 2.5-->"C:\Program Files\WMV To VCD DVD MPEG Converter Pro\unins000.exe"
Zuma Deluxe RA-->C:\PROGRA~1\ZUMADE~1\UNWISE.EXE C:\PROGRA~1\ZUMADE~1\INSTALL.LOG

======System event log======

Computer Name: J23-Komputer
Event Code: 7036
Message: Usługa Użytkowanie aplikacji weszła w stan zatrzymania.
Record Number: 9153
Source Name: Service Control Manager
Time Written: 20110113171030.638855-000
Event Type: Informacje
User:

Computer Name: J23-Komputer
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia.
Record Number: 9152 Source Name: Service Control Manager Time Written: 20110113170000.690824-000 Event Type: Informacje User: Computer Name: J23-Komputer Event Code: 7036 Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia. Record Number: 9151 Source Name: Service Control Manager Time Written: 20110113165958.737191-000 Event Type: Informacje User: Computer Name: J23-Komputer Event Code: 7036 Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan zatrzymania. Record Number: 9150 Source Name: Service Control Manager Time Written: 20110113164839.730407-000 Event Type: Informacje User: Computer Name: J23-Komputer Event Code: 7036 Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan uruchomienia. Record Number: 9149 Source Name: Service Control Manager Time Written: 20110113163209.721481-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247D28-05 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 5 Source Name: Microsoft-Windows-WMI Time Written: 20080101193356.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20080101193352.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. 
Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20080101193348.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20080101193347.705750-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: WIN-4740FUN1S7A Event Code: 1001 Message: Sprawdzanie systemu plików na D: Typ systemu plików to NTFS. Jeden z dysków wymaga sprawdzenia spójnosci danych. Mozesz anulowac to sprawdzenie, ale zaleca sie jego kontynuowanie. System Windows sprawdzi teraz dysk. CHKDSK sprawdza pliki (poziom 1 z 3) Przetworzone rekordy plików: 3328. Ukonczono sprawdzanie plików. Przetworzone rekordy duzych plików: 0. Przetworzone rekordy uszkodzonych plików: 0. Przetworzone rekordy atrybutów rozszerzonych: 0. Przetworzone rekordy ponownej analizy: 0. CHKDSK sprawdza indeksy (poziom 2 z 3) Przetworzone wpisy indeksu: 4050. Ukonczono weryfikacje indeksów. Przeskanowane pliki nieindeksowane: 0. Odzyskane pliki nieindeksowane: 0. CHKDSK sprawdza deskryptory zabezpieczen (poziom 3 z 3) Przetworzone deskryptory zabezpieczen/identyfikatory plików: 3328. Oczyszczanie 1 nieuzywanych wpisów w indeksie $SII pliku 0x9. Oczyszczanie 1 nieuzywanych wpisów w indeksie $SDH pliku 0x9. Porzadkowanie 1 nieuzywanych deskryptorów zabezpieczen. Ukonczono sprawdzanie deskryptorów zabezpieczen. Przetworzone pliki danych: 361. System Windows sprawdzil system plików i nie znalazl zadnych problemów. 115314536 KB calkowitego miejsca na dysku. 47928864 KB w 2730 plikach. 1544 KB w 363 indeksach. 0 KB w uszkodzonych sektorach. 72792 KB uzywanych przez system. 65536 KB zajetych przez plik dziennika. 67311336 KB dostepnych na dysku. 4096 bajtów w kazdej jednostce alokacji. 28828634 ogólem jednostek alokacji na dysku. 16827834 jednostek alokacji dostepnych na dysku. 
Informacje wewnetrzne: 00 0d 00 00 20 0c 00 00 82 13 00 00 00 00 00 00 .... ........... b1 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 16 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 ................ Record Number: 1 Source Name: Microsoft-Windows-Wininit Time Written: 20080101193346.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: J23-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 4617 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110317055210.867273-000 Event Type: Sukcesy inspekcji User: Computer Name: J23-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: J23-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x20c Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. 
Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4616 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110317055210.867273-000 Event Type: Sukcesy inspekcji User: Computer Name: J23-Komputer Event Code: 5056 Message: Wykonano autotest funkcji kryptograficznej. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: J23-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Moduł: ncrypt.dll Kod powrotny: 0x0 Record Number: 4615 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110317055206.337237-000 Event Type: Sukcesy inspekcji User: Computer Name: J23-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 4614 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110317055204.836425-000 Event Type: Sukcesy inspekcji User: Computer Name: J23-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: J23-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x20c Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. 
Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4613 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110317055204.836425-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log]
wacek223 (author), comment of 22 July 2011

Someone broke into a friend's GG and FB accounts and, from GG, sent me a link to a fake YouTube page. I clicked it without thinking and it said some plugin was missing, so I clicked, it downloaded, I ran it, and Avast detected nothing, but right away Malwarebytes' Anti-Malware started yelling about Trojan.Dropper.. So I deleted that file, and Malwarebytes' Anti-Malware required a restart to remove what the Trojan had left behind.. The computer started up and the Trojan was impersonating avast, which it had removed for me; it had changed the target under the icon and was launching at startup, so I found it in some folder under Windows.. and deleted that file.. I scanned the computer once more, it detected something, so I removed what was left and posted the logs to check whether it is clean or whether something of it remained.. Oh, and in Device Manager I got ! (exclamation marks next to the icons), something to do with the network and the avast Firewall (everything related to avast), so I uninstalled it because it was unnecessary, and now I have Norton.
wirusolog, comment of 22 July 2011

[b]1.[/b] Run OTL and paste the following text into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania/Skrypt) window:

[code]:OTL
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: avast - hkey= - key= - File not found
O31 - SafeBoot: AlternateShell - services32.exe
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found

:Commands
[emptyflash]
[emptytemp][/code]

Click [b]Run Fix[/b] (Wykonaj skrypt). Confirm the computer restart.

[b]2.[/b] Then run OTL again, this time using the [b]Run Scan[/b] (Skanuj) option (enter the same parameters as before). Post the new OTL logs + the report from the OTL removal.
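The entries picked for the fix script above share two traits that can be checked mechanically: autostart registrations whose target file no longer exists, and a Safe Mode `AlternateShell` that is not the Windows default `cmd.exe`. The following triage sketch is an added example, not part of the original post and not OTL's own logic; the finding names, the numbered-family heuristic and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "code kind name")

# Entries copied from the fix script in the post above. The last two lines
# are constructed for contrast (a healthy Run entry and a default shell).
SAMPLE_OTL_LINES = r"""
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: avast - hkey= - key= - File not found
O31 - SafeBoot: AlternateShell - services32.exe
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
O31 - SafeBoot: AlternateShell - cmd.exe
""".strip().splitlines()

# "<code> - <location>: <rest>", e.g. "O4 - HKLM..\Run: [tray_ico] File not found"
ENTRY_RE = re.compile(r"^(?P<code>O\d+|MsConfig)\s+-\s+(?P<location>[^:]+):\s*(?P<rest>.*)$")

DEFAULT_ALTERNATE_SHELL = "cmd.exe"  # Windows default for Safe Mode with Command Prompt


def entry_name(rest):
    """Return the entry's display name: [name], (name) or the first ' - ' field."""
    m = re.match(r"^\[(.+?)\]|^\((.+?)\)", rest)
    if m:
        return m.group(1) or m.group(2)
    return rest.split(" - ", 1)[0].strip()


def triage(lines):
    """Classify OTL scan lines into findings worth a reviewer's attention."""
    findings = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers, PRC/MOD/SRV lines, free text
        code = m.group("code")
        location = m.group("location").strip()
        rest = m.group("rest").strip()
        if location == "SafeBoot" and rest.startswith("AlternateShell"):
            shell = rest.partition(" - ")[2].strip()
            if shell.lower() != DEFAULT_ALTERNATE_SHELL:
                findings.append(Finding(code, "safeboot-shell-replaced", shell))
        elif rest.endswith("File not found"):
            findings.append(Finding(code, "orphaned-autostart", entry_name(rest)))
    return findings


def numbered_families(findings):
    """Group orphaned entries whose names differ only by a trailing number.

    Heuristic (assumption of this example): several siblings such as
    name, name1, name2 registered together point at one installer.
    """
    families = defaultdict(set)
    for f in findings:
        if f.kind == "orphaned-autostart":
            families[re.sub(r"\d+$", "", f.name)].add(f.name)
    return {base: sorted(names) for base, names in families.items() if len(names) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LINES)
    for f in results:
        print(f"{f.code:8} {f.kind:26} {f.name}")
    print("numbered families:", numbered_families(results))
```

An orphaned entry is a leftover rather than live persistence, but a replaced `AlternateShell` matters until the value is set back to `cmd.exe`, because Safe Mode with Command Prompt launches whatever that value names.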
wacek223 (author), comment of 22 July 2011

OTL removal

[log]All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\avast\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: J23
->Flash cache emptied: 1421 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: J23
->Temp folder emptied: 4471163 bytes
->Temporary Internet Files folder emptied: 2638666 bytes
->Java cache emptied: 6146271 bytes
->FireFox cache emptied: 304050901 bytes
->Google Chrome cache emptied: 17474523 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 402655 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 320,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07222011_234949

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log] OTL [log]OTL logfile created on: 2011-07-22 23:58:56 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\J23\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 49,55% Memory free 3,75 Gb Paging File | 2,65 Gb Available in Paging File | 70,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,08 Gb Total Space | 13,25 Gb Free Space | 33,91% Space Free | Partition Type: NTFS Drive D: | 109,97 Gb Total Space | 10,68 Gb Free Space | 9,71% Space Free | Partition Type: NTFS Drive E: | 149,04 Gb Total Space | 6,31 Gb Free Space | 4,24% Space Free | Partition Type: NTFS Drive G: | 657,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: J23-KOMPUTER | User Name: J23 | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011-06-23 10:45:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-06-23 10:45:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011-05-26 21:50:22 | 015,147,400 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe PRC - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2010-11-20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2010-11-20 14:17:48 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe PRC - [2010-11-20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-11-20 14:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 03:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - 
[2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe MOD - [2011-06-03 07:59:23 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2011-05-14 08:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011-01-12 21:33:36 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010-12-18 11:17:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe -- (DfSdkS)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-09-08 08:59:00 | 000,575,488 | ---- | M] (Nokia.)
[Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-05-31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-07-22 01:39:57 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-07-21 22:42:07 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110722.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-07-21 22:42:07 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-07-21 22:42:07 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-07-21 22:42:07 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110722.002\NAVENG.SYS -- (NAVENG)
DRV - [2011-07-21 08:09:02 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110721.031_584\IDSvix86.sys -- (IDSVix86)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-01 00:11:24 | 000,810,616 | ---- | M]
(Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-05-17 16:50:47 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-03-31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 02:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011-03-15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand |
Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-16 16:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010-08-16 16:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010-06-14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010-04-27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010-04-27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010-04-27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010-04-06 19:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010-04-06 19:32:48 | 000,023,048 | ---- | M] (IVT Corporation.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010-04-06 19:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-08-26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-06-02 06:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2005-01-31 11:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005-01-31 11:12:46 | 000,022,016 | ---- | M] (Logitech Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004-01-23 19:34:26 | 000,037,840 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2FS)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\J23\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\J23\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-07-22 23:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011-07-22 23:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-23 10:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-18 01:45:28 | 000,000,000 | ---D | M]
FF -
HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\profilinstylin\profilinstylin [2011-07-04 11:18:37 | 000,000,000 | ---D | M]
[2008-09-01 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J23\AppData\Roaming\mozilla\Extensions
[2011-07-15 15:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions
[2010-12-17 21:38:55 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2011-04-07 20:09:54 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Users\J23\AppData\Roaming\mozilla\Firefox\Profiles\hcn2mha1.default\extensions\support@auto-hide-ip.com
[2011-07-18 02:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-06-17 03:24:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-12-19 10:56:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-12-21 17:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-07-18 02:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011-07-04 11:18:37 | 000,000,000 | ---D | M] (profilinstylin - Change your Facebook layout!)
-- C:\PROGRAM FILES\PROFILINSTYLIN\PROFILINSTYLIN
[2011-07-22 23:54:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011-07-22 23:54:36 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\J23\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCN2MHA1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\J23\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCN2MHA1.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI
[2011-06-23 10:45:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-18 02:10:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-04-20 20:24:54 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-04-20 20:24:54 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-04-20 20:24:54 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-04-20 20:24:54 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-04-20 20:24:54 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-04-20 20:24:54 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet
Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\J23\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 -
C:\Users\J23\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-06-05 17:43:15 | 000,055,637 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2001-10-26 21:12:38 | 000,000,112 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b7e78240-8095-11e0-b952-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7e78240-8095-11e0-b952-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2008-04-15 00:51:08 | 002,584,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol
Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]Auto Hide IP[/b] - hkey= - key= - C:\Program Files\AutoHideIP\AutoHideIP.exe (AutoHideIP.Com)
MsConfig - StartUpReg: [b]AutoStartNPSAgent[/b] - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Users\J23\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Windows Mobile Device Center[/b] - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows
Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
[2011-07-22 23:49:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-22 01:39:54 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2011-07-22 01:39:53 | 000,744,568 | ---- | C] (Symantec Corporation) --
C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys
[2011-07-22 01:39:53 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011-07-22 01:39:53 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys
[2011-07-22 01:39:53 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys
[2011-07-22 01:39:53 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011-07-22 01:38:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2011-07-21 22:57:51 | 000,000,000 | ---D | C] -- C:\rsit
[2011-07-21 22:37:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe
[2011-07-21 22:07:13 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011-07-21 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011-07-21 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011-07-21 22:06:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011-07-21 22:06:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011-07-21 22:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011-07-21 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011-07-21 10:02:33 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-07-21 09:54:14 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Solid State Networks
[2011-07-18 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\J23\DoctorWeb
[2011-07-18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Malwarebytes
[2011-07-18 09:41:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-18 09:41:07 | 000,000,000 | ---D | C] --
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-07-18 09:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-07-18 09:41:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-18 09:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-07-18 02:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011-07-18 02:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sun [2011-07-18 01:42:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-07-14 10:49:57 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727 [2011-07-13 23:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2011-07-11 14:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-07-11 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011-07-11 14:20:25 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Google [2011-07-09 22:58:49 | 000,955,070 | ---- | C] (Informer Technologies, Inc. 
) -- C:\Users\J23\Desktop\siinst.exe [2011-07-07 21:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011-07-07 21:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011-07-07 21:33:21 | 000,000,000 | ---D | C] -- C:\ATI [2011-07-07 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\18 WoS Haulin [2011-07-07 20:39:14 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel Haulin [2011-07-07 20:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel Haulin [2011-07-07 20:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel Haulin [2011-07-07 19:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Truck [2011-07-07 19:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Truck [2011-07-06 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite [2011-07-06 15:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\nLite [2011-07-06 08:05:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011-07-05 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Temp [2011-07-05 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\furry2final [2011-07-04 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\profilinstylin [2011-07-03 22:25:30 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\Firmware-Avila-SAMSUNG-Niebrandowany [2011-07-03 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\NPS [2011-07-03 21:40:37 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My Art [2011-07-03 21:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio [2011-07-03 21:35:06 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys [2011-07-03 21:35:06 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys [2011-07-03 21:35:06 
| 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys [2011-07-03 21:35:06 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys [2011-07-03 21:35:06 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys [2011-07-03 21:35:06 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys [2011-07-03 21:35:06 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys [2011-07-03 21:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011-07-03 21:33:47 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe [2011-07-03 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Samsung [2011-07-03 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My NPS Files [2011-07-03 21:33:16 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\Samsung [2011-07-03 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2011-07-03 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2011-07-03 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Local\Downloaded Installations [2011-07-02 20:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2011-07-02 20:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems [2011-07-02 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO [2011-07-02 20:34:57 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\My ISO Files [2011-07-02 14:49:02 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\Furry_www.victorygames.pl [2011-06-29 11:54:02 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011-06-29 11:54:01 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011-06-29 11:53:59 | 000,103,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2011-06-29 
11:53:40 | 000,194,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2011-06-29 11:53:39 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011-06-29 11:53:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011-06-29 11:53:38 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011-06-29 11:53:38 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011-06-29 11:53:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011-06-29 11:53:09 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011-06-27 10:07:02 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011-06-17 03:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-06-17 03:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011-06-16 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\J23\Desktop\K550 [2011-06-15 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\aerix [2011-06-14 22:07:07 | 000,000,000 | ---D | C] -- C:\Users\J23\Documents\GTA San Andreas User Files [2011-06-14 21:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2011-06-14 21:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2011-06-12 18:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs [2011-06-12 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\J23\AppData\Roaming\Win7codecs [2011-06-12 18:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Win7codecs [2011-06-06 21:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-06-05 17:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa 6 [2011-06-05 17:42:09 | 000,000,000 | 
---D | C] -- C:\Program Files\AutoMapa EU [2011-06-02 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011-06-02 20:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010-02-03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-23 00:01:48 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 00:01:48 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-07-22 23:54:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-07-22 23:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-07-22 23:52:34 | 003,407,872 | -HS- | M] () -- C:\Users\J23\NTUSER.DAT [2011-07-22 20:28:43 | 000,249,340 | ---- | M] () -- C:\Users\J23\Documents\Default.aimppl [2011-07-22 20:09:03 | 001,558,380 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-07-22 20:09:03 | 000,701,022 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-07-22 20:09:03 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-07-22 20:09:03 | 000,136,040 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-07-22 20:09:03 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-07-22 10:15:44 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-22 10:15:13 | 001,346,386 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB [2011-07-22 01:39:57 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011-07-22 01:39:57 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-22 01:39:57 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-21 22:37:53 | 000,781,383 | ---- | M] () -- 
C:\Users\J23\Desktop\RSIT.exe [2011-07-21 22:37:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\J23\Desktop\OTL.exe [2011-07-21 22:11:17 | 001,307,216 | -H-- | M] () -- C:\Users\J23\AppData\Local\IconCache.db [2011-07-21 10:02:48 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security v6.0.1000 [PL] Crack [2011-07-20 14:18:07 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat [2011-07-18 09:55:52 | 071,473,048 | ---- | M] () -- C:\Users\J23\Desktop\launch.exe [2011-07-18 09:41:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-18 02:12:15 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-07-18 01:45:29 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-07-16 23:36:52 | 000,308,870 | ---- | M] () -- C:\Users\J23\Desktop\Digital_Chocolate_-_Tower_Bloxx_Deluxe_3D_SE_176x220.jar [2011-07-16 23:32:19 | 000,191,000 | ---- | M] () -- C:\Users\J23\Desktop\Digital.Chocolate.-.Tower.Bloxx.SE.176x220.jar [2011-07-14 08:34:57 | 003,761,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-07-13 11:28:16 | 000,002,349 | ---- | M] () -- C:\Users\J23\Desktop\Google Chrome.lnk [2011-07-11 14:51:07 | 000,048,666 | ---- | M] () -- C:\Users\J23\Desktop\screen.jpg [2011-07-11 14:06:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011-07-11 11:59:55 | 048,062,655 | ---- | M] () -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727.rar [2011-07-09 22:58:51 | 000,955,070 | ---- | M] (Informer Technologies, Inc. 
) -- C:\Users\J23\Desktop\siinst.exe [2011-07-08 21:04:06 | 004,096,449 | ---- | M] () -- C:\Users\J23\Desktop\Tina Turner - We Don T Need Another Hero.mp3 [2011-07-08 20:52:31 | 004,575,013 | ---- | M] () -- C:\Users\J23\Desktop\weekend - ona i on.mp3 [2011-07-08 20:24:04 | 003,825,194 | ---- | M] () -- C:\Users\J23\Desktop\w.b.u - zepsuty świat.mp3 [2011-07-08 20:15:47 | 003,943,206 | ---- | M] () -- C:\Users\J23\Desktop\Bloodhound Gang - The bad touch.mp3 [2011-07-08 20:10:18 | 001,914,044 | ---- | M] () -- C:\Users\J23\Desktop\La Bouche - Be My Lover.mp3 [2011-07-08 15:46:44 | 000,022,528 | ---- | M] () -- C:\Users\J23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-07 20:39:14 | 000,001,028 | ---- | M] () -- C:\Users\J23\Desktop\18 Wheels of Steel Haulin.lnk [2011-07-07 19:55:46 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Hard Truck 18 Wheels of Steel.lnk [2011-07-07 19:53:40 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2011-07-07 19:53:40 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-07-06 15:30:18 | 000,000,921 | ---- | M] () -- C:\Users\J23\Desktop\nLite.lnk [2011-07-06 08:29:59 | 004,660,904 | ---- | M] () -- C:\Users\J23\Desktop\rtlsetup-pcie(664).zip [2011-07-06 08:29:22 | 000,001,332 | ---- | M] () -- C:\Users\J23\Desktop\ich8smb.zip [2011-07-06 08:26:59 | 000,173,089 | ---- | M] () -- C:\Users\J23\Desktop\winxp.rar [2011-07-05 23:47:11 | 000,000,965 | ---- | M] () -- C:\Users\J23\Desktop\UltraISO.lnk [2011-07-05 11:46:11 | 011,529,842 | ---- | M] () -- C:\Users\J23\Desktop\furry2final.zip [2011-07-05 11:43:24 | 000,000,014 | ---- | M] () -- C:\Windows\cfh232.cfg [2011-07-05 11:43:23 | 000,000,016 | ---- | M] () -- C:\Windows\furry.ini [2011-07-04 13:43:53 | 
000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011-07-04 13:37:33 | 000,103,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011-07-04 13:36:18 | 000,194,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011-07-03 23:08:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-07-03 23:05:06 | 000,411,095 | ---- | M] () -- C:\Users\J23\Desktop\Diamond Twister.jar [2011-07-03 21:48:06 | 000,929,792 | ---- | M] () -- C:\Users\J23\Desktop\Phonebook.npf [2011-07-03 21:36:05 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2011-07-03 21:20:25 | 173,838,160 | ---- | M] () -- C:\Users\J23\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2011-07-03 17:41:08 | 003,561,044 | ---- | M] () -- C:\Users\J23\Desktop\Enej - Radio Hello.mp3 [2011-06-29 16:02:11 | 001,806,892 | ---- | M] () -- C:\Users\J23\Desktop\FW-WAP4035v120.zip [2011-06-29 16:01:52 | 000,938,447 | ---- | M] () -- C:\Users\J23\Desktop\WAP-4033-4035 02.2006.pdf [2011-06-27 10:07:02 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\System32\CmdLineExt.dll [2011-06-24 12:48:46 | 000,211,473 | R--- | M] () -- C:\Users\J23\Desktop\QUG-Planet.pdf [2011-06-24 11:53:26 | 000,112,553 | ---- | M] () -- C:\Users\J23\Desktop\ulotka_planet.pdf [2011-06-24 11:53:20 | 000,938,447 | ---- | M] () -- C:\Users\J23\Desktop\WAP-4033-4035_02.2006.pdf [2011-06-17 11:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk [2011-06-17 11:16:47 | 006,054,799 | ---- | M] () -- C:\Users\J23\Desktop\aimp_3.00.881_beta_2.zip [2011-06-17 03:23:45 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-16 09:44:23 | 020,029,812 | ---- | M] () -- C:\Users\J23\Desktop\k550.rar [2011-06-11 20:12:55 | 000,000,977 | ---- | M] () -- C:\Users\J23\Desktop\ALLPlayer V4.6.lnk [2011-06-05 16:04:47 | 000,191,488 | ---- | M] () -- C:\Users\J23\Desktop\magia kart.pps [2011-06-02 20:59:05 | 003,790,921 | ---- | M] () -- C:\Users\J23\Desktop\aycan - lambada dj matt g remix rip.mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-22 10:14:43 | 001,346,386 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB [2011-07-22 01:39:54 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat [2011-07-22 01:39:54 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf [2011-07-22 01:39:53 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat [2011-07-22 01:39:53 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat [2011-07-22 01:39:53 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat [2011-07-22 01:39:53 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat [2011-07-22 01:39:53 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf [2011-07-22 01:39:53 | 000,002,792 | ---- | C] () -- 
C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf [2011-07-22 01:39:53 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf [2011-07-22 01:39:53 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf [2011-07-22 01:39:53 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf [2011-07-22 01:39:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat [2011-07-22 01:38:59 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini [2011-07-21 22:37:52 | 000,781,383 | ---- | C] () -- C:\Users\J23\Desktop\RSIT.exe [2011-07-21 22:07:13 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011-07-21 22:07:13 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011-07-21 22:07:01 | 000,002,423 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-07-21 10:02:48 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Avast Internet Security v6.0.1000 [PL] Crack [2011-07-18 09:51:03 | 071,473,048 | ---- | C] () -- C:\Users\J23\Desktop\launch.exe [2011-07-18 09:41:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-07-18 09:30:40 | 000,001,421 | ---- | C] () -- C:\Users\J23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011-07-18 02:12:15 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-07-18 01:45:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-07-18 01:45:29 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-07-16 23:36:51 | 000,308,870 | ---- | C] () -- C:\Users\J23\Desktop\Digital_Chocolate_-_Tower_Bloxx_Deluxe_3D_SE_176x220.jar [2011-07-16 23:32:10 | 000,191,000 | ---- | C] () -- C:\Users\J23\Desktop\Digital.Chocolate.-.Tower.Bloxx.SE.176x220.jar [2011-07-11 
14:51:07 | 000,048,666 | ---- | C] () -- C:\Users\J23\Desktop\screen.jpg [2011-07-11 14:22:17 | 000,002,349 | ---- | C] () -- C:\Users\J23\Desktop\Google Chrome.lnk [2011-07-11 11:56:07 | 048,062,655 | ---- | C] () -- C:\Users\J23\Desktop\sterowniki_xp_fujitsu_siemens_amilo_li2727.rar [2011-07-08 21:00:41 | 004,096,449 | ---- | C] () -- C:\Users\J23\Desktop\Tina Turner - We Don T Need Another Hero.mp3 [2011-07-08 20:49:05 | 004,575,013 | ---- | C] () -- C:\Users\J23\Desktop\weekend - ona i on.mp3 [2011-07-08 20:23:53 | 003,825,194 | ---- | C] () -- C:\Users\J23\Desktop\w.b.u - zepsuty świat.mp3 [2011-07-08 20:15:37 | 003,943,206 | ---- | C] () -- C:\Users\J23\Desktop\Bloodhound Gang - The bad touch.mp3 [2011-07-08 20:10:11 | 001,914,044 | ---- | C] () -- C:\Users\J23\Desktop\La Bouche - Be My Lover.mp3 [2011-07-07 20:39:14 | 000,001,028 | ---- | C] () -- C:\Users\J23\Desktop\18 Wheels of Steel Haulin.lnk [2011-07-07 19:55:46 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Hard Truck 18 Wheels of Steel.lnk [2011-07-07 19:53:36 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2011-07-07 19:53:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011-07-06 15:30:18 | 000,000,921 | ---- | C] () -- C:\Users\J23\Desktop\nLite.lnk [2011-07-06 08:29:28 | 004,660,904 | ---- | C] () -- C:\Users\J23\Desktop\rtlsetup-pcie(664).zip [2011-07-06 08:29:21 | 000,001,332 | ---- | C] () -- C:\Users\J23\Desktop\ich8smb.zip [2011-07-06 08:26:57 | 000,173,089 | ---- | C] () -- C:\Users\J23\Desktop\winxp.rar [2011-07-05 11:42:46 | 011,529,842 | ---- | C] () -- C:\Users\J23\Desktop\furry2final.zip [2011-07-04 14:02:37 | 001,307,216 | -H-- | C] () -- C:\Users\J23\AppData\Local\IconCache.db [2011-07-03 23:08:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-07-03 23:05:01 | 000,411,095 | ---- | C] () -- C:\Users\J23\Desktop\Diamond Twister.jar [2011-07-03 21:47:59 | 000,929,792 | ---- | C] () -- 
C:\Users\J23\Desktop\Phonebook.npf [2011-07-03 21:36:05 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2011-07-03 21:33:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011-07-03 21:33:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011-07-03 21:33:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sy_ [2011-07-03 20:33:07 | 173,838,160 | ---- | C] () -- C:\Users\J23\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2011-07-03 17:40:21 | 003,561,044 | ---- | C] () -- C:\Users\J23\Desktop\Enej - Radio Hello.mp3 [2011-07-02 20:35:01 | 000,000,965 | ---- | C] () -- C:\Users\J23\Desktop\UltraISO.lnk [2011-07-02 15:02:29 | 000,000,014 | ---- | C] () -- C:\Windows\cfh232.cfg [2011-07-02 14:49:22 | 000,000,016 | ---- | C] () -- C:\Windows\furry.ini [2011-06-29 16:02:10 | 001,806,892 | ---- | C] () -- C:\Users\J23\Desktop\FW-WAP4035v120.zip [2011-06-29 16:01:49 | 000,938,447 | ---- | C] () -- C:\Users\J23\Desktop\WAP-4033-4035 02.2006.pdf [2011-06-28 14:04:45 | 000,249,340 | ---- | C] () -- C:\Users\J23\Documents\Default.aimppl [2011-06-24 12:54:17 | 000,211,473 | R--- | C] () -- C:\Users\J23\Desktop\QUG-Planet.pdf [2011-06-24 11:53:26 | 000,112,553 | ---- | C] () -- C:\Users\J23\Desktop\ulotka_planet.pdf [2011-06-24 11:53:20 | 000,938,447 | ---- | C] () -- C:\Users\J23\Desktop\WAP-4033-4035_02.2006.pdf [2011-06-17 11:16:19 | 006,054,799 | ---- | C] () -- C:\Users\J23\Desktop\aimp_3.00.881_beta_2.zip [2011-06-17 03:23:45 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-16 09:42:26 | 020,029,812 | ---- | C] () -- C:\Users\J23\Desktop\k550.rar [2011-06-12 12:06:44 | 008,400,344 | ---- | C] () -- C:\Users\J23\Desktop\Benny Benassi-Satistaction.wav [2011-06-12 12:06:41 | 006,832,984 | ---- | C] () -- C:\Users\J23\Desktop\1082725003182_morwa_to_dla_sluchaczy.wmv [2011-06-11 20:12:55 | 000,000,977 | ---- | C] () -- C:\Users\J23\Desktop\ALLPlayer V4.6.lnk 
[2011-06-06 21:27:31 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011-06-05 16:04:42 | 000,191,488 | ---- | C] () -- C:\Users\J23\Desktop\magia kart.pps [2011-06-02 20:55:58 | 003,790,921 | ---- | C] () -- C:\Users\J23\Desktop\aycan - lambada dj matt g remix rip.mp3 [2011-04-28 20:22:43 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat [2011-04-28 20:21:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2011-04-28 20:14:29 | 000,000,028 | ---- | C] () -- C:\ProgramData\GRGames.ini [2011-04-20 20:16:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011-04-20 20:14:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011-04-20 20:14:51 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011-04-18 19:53:58 | 000,037,840 | ---- | C] () -- C:\Windows\System32\drivers\ext2fs.sys [2011-04-18 19:08:30 | 000,000,192 | ---- | C] () -- C:\Windows\AWS.ini [2011-04-16 16:34:15 | 000,431,672 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2011-04-08 19:08:23 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2011-03-21 18:34:32 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-03-07 16:36:57 | 000,000,000 | ---- | C] () -- C:\Users\J23\AppData\Roaming\chrtmp [2011-01-26 16:56:49 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011-01-21 07:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011-01-12 21:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2010-12-25 21:49:19 | 000,022,528 | ---- | C] () -- C:\Users\J23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-24 13:27:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010-12-18 19:42:09 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2010-12-18 19:42:08 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2010-12-18 19:42:07 | 000,011,104 | ---- | C] () -- 
C:\Windows\System32\pwdspio.sys [2010-04-06 19:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2009-07-14 10:07:57 | 000,701,022 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 10:07:57 | 000,136,040 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 003,761,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:04:23 | 000,001,696 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2009-07-13 23:41:01 | 
000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- 
C:\Windows\System32\NTIO404.SYS [2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008-09-01 22:45:21 | 000,109,216 | ---- | C] () -- C:\Users\J23\AppData\Local\GDIPFONTCACHEV1.DAT [2008-09-01 21:45:19 | 001,558,380 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008-01-01 21:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008-01-01 21:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2005-01-31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [color=#E56717]========== LOP Check ==========[/color] [2011-06-15 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\aerix [2011-07-22 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\AIMP3 [2011-04-07 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\AutoHideIP [2010-12-25 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\BESTplayer [2011-04-28 20:45:22 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\BITS [2011-03-07 16:37:38 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Blitware [2011-01-10 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\DAEMON Tools Lite [2011-03-02 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\EMCO [2011-06-27 21:09:26 | 000,000,000 | ---D | M] -- 
C:\Users\J23\AppData\Roaming\EurekaLog [2011-04-28 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\FlashGet [2011-04-28 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\FlashGetBHO [2011-02-11 21:34:52 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Gadu-Gadu 10 [2011-04-28 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\GetRight [2010-12-17 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\GHISLER [2011-06-10 00:06:25 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\ipla [2011-01-27 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\IrfanView [2010-12-25 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\LolClient [2011-03-30 19:28:52 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Miranda [2010-12-24 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\OpenFM [2011-06-10 22:39:37 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\RDRM [2011-07-03 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Samsung [2011-04-28 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Tific [2010-12-24 13:13:31 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Tlen.pl [2011-06-12 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\J23\AppData\Roaming\Win7codecs [2011-04-22 21:54:28 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-03-30 09:00:33 | 000,010,138 | ---- | M] () -- C:\aaw7boot.log [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011-06-05 17:43:15 | 000,055,637 | ---- | M] () -- C:\AutoMapaSetupLog.txt [2010-11-20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2008-01-01 21:31:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- 
C:\config.sys [2010-12-17 19:53:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-12-17 19:53:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-07-22 23:54:11 | 2011,684,864 | -HS- | M] () -- C:\pagefile.sys [2011-04-18 20:24:59 | 000,012,283 | ---- | M] () -- C:\TREEINFO.NCD [2008-09-01 21:39:48 | 000,171,136 | RHS- | M] () -- C:\W7LDR [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys 
[color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) 
MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report > [/log] EXtras [log]OTL Extras logfile created on: 2011-07-22 23:58:56 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\J23\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 49,55% Memory free 3,75 Gb Paging File | 2,65 Gb Available in Paging File | 70,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,08 Gb Total Space | 13,25 Gb Free Space | 33,91% Space Free | Partition Type: NTFS Drive D: | 109,97 Gb Total Space | 10,68 Gb Free Space | 9,71% Space Free | Partition Type: NTFS Drive E: | 149,04 Gb Total Space | 6,31 Gb Free Space | 4,24% Space Free | Partition Type: NTFS Drive G: | 657,38 Mb Total Space | 0,00 Mb Free Space | 0,00% 
Space Free | Partition Type: CDFS Computer Name: J23-KOMPUTER | User Name: J23 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Users\J23\Downloads\Flash-Player.exe" = C:\Users\J23\Downloads\Flash-Player.exe:*:Enabled:C:\Users\J23\Downloads\Flash-Player.exe "C:\Windows\update.1\svchost.exe" = 
C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe "C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2 "{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 
10.6.2.1 "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{881C69F2-3861-4F18-BA0D-9B742C5E44FF}" = Voice Twister "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "18 Wheels of Steel Haulin" = 18 Wheels of Steel Haulin "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP3" = AIMP3 "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.04 "Audacity_is1" = Audacity 1.2.6 "AutoHideIP" = Auto Hide IP "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Gadu-Gadu 10" = Gadu-Gadu 10 "GOM Player" = GOM Player "Hard Truck 18 Wheels of Steel" = Hard Truck 18 Wheels of Steel "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "ipla" = ipla 2.2.1 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NIS" = Norton Internet Security "nLite_is1" = nLite 1.4.9.1 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Super Kulki_is1" = Super Kulki "Tlen.pl" = Tlen.pl "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Totalcmd" = Total Commander (Remove or Repair) "UltraISO_is1" = UltraISO Premium V9.36 "WinRAR archiver" = Archiwizator WinRAR "WMV To VCD DVD MPEG Converter Pro_is1" = WMV To VCD DVD MPEG Converter Pro 2.5 "Zuma Deluxe RA" = Zuma Deluxe RA [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-866066421-2766305544-3693691503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > [/log]
wirusolog commented on 23 July 2011

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:

[code]
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\update.1\svchost.exe" =-
"C:\Windows\services32.exe" =-
:Files
C:\Windows\services32.exe
C:\Windows\update.1
[/code]

Click [b]Wykonaj Skrypt[/b] (Run Fix). A report will appear after a moment - show it.
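An added example, not part of the original thread and not OTL's own code: a Python triage check over the `Authorized Applications List` section of an OTL Extras log, flagging firewall exceptions such as the two removed by the script above. The sample lines are the entries from the log in this thread, one per line; the reason names and the heuristics behind them are assumptions made for illustration, and a flag means the entry needs review, not that it is malicious.

```python
import re
from pathlib import PureWindowsPath

# Entries from the "Authorized Applications List" section of the OTL Extras
# log in this thread, reflowed to one entry per line.
SAMPLE = r'''
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Users\J23\Downloads\Flash-Player.exe" = C:\Users\J23\Downloads\Flash-Player.exe:*:Enabled:C:\Users\J23\Downloads\Flash-Player.exe
"C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe
"C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe
'''

# "<key>" = <path>:<scope>:<status>:<rule name>  (the rule name may contain colons)
ENTRY = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):'
    r'(?P<status>[^:]*):(?P<name>.*)$'
)

# Assumption for this example: core Windows processes that live in System32.
SYSTEM32 = r"c:\windows\system32"
SYSTEM32_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                  "winlogon.exe", "csrss.exe", "smss.exe"}


def classify(path_str, rule_name):
    """Return the list of review reasons for one firewall exception."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    reasons = []
    if name in SYSTEM32_NAMES:
        # A system process name is only expected inside System32.
        if str(path.parent).lower() != SYSTEM32:
            reasons.append("system-name-outside-system32")
    elif re.sub(r"\d+$", "", path.stem.lower()) + path.suffix.lower() in SYSTEM32_NAMES:
        # e.g. services32.exe imitating services.exe
        reasons.append("lookalike-system-name")
    if len(path.parts) > 1 and path.parts[1].lower() == "users":
        # Executable allowed through the firewall from a user-writable profile.
        reasons.append("user-profile-path")
    if rule_name.strip().lower() == path_str.lower():
        # The rule has no friendly name, only the raw path.
        reasons.append("rule-name-is-path")
    return reasons


def review_authorized_apps(text):
    """Parse OTL AuthorizedApplications lines; return [(path, reasons)] for flagged ones."""
    flagged = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # headings, blank lines, unrelated log content
        reasons = classify(match["path"], match["name"])
        if reasons:
            flagged.append((match["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in review_authorized_apps(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```
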
wacek223 commented on 23 July 2011 (Author)

[log]
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\services32.exe deleted successfully.
========== FILES ==========
File\Folder C:\Windows\services32.exe not found.
File\Folder C:\Windows\update.1 not found.

OTL by OldTimer - Version 3.2.26.1 log created on 07232011_110911
[/log]
wirusolog commented on 23 July 2011

The registry keys associated with the infection have been removed. Time for the final steps.

[hr]

[b]1.[/b] Run OTL and click [b]Sprzątanie[/b] (CleanUp).

[b]2.[/b] There is not much to update in terms of software.

[quote]
[b]Mozilla Firefox 5.0 (x86 pl)[/b] - change the version to [url=http://europe.mozilla.org/pl/][b][color=blue][u]5.01[/u][/color][/b][/url].
[b]Adobe Flash Player 10 Plugin[/b] - tell me which version of Adobe Flash Player you have.
[/quote]

[b]3.[/b] The system restore points need to be cleared: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/u][/color][/b][/url]

[b]4.[/b] I recommend a [b]full scan[/b] with [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/u][/color][/b][/url] (after installation, manually update the virus database, remove whatever it finds and paste the final report).

[b]5.[/b] Also scan the whole system with [url=http://www.hotfix.pl/instrukcja-uzytkowania-dr-web-cureit--a193.htm][b][color=blue][u]Dr.Web CureIt![/u][/color][/b][/url]
wacek223 commented on 23 July 2011 (Author, edited)

Adobe Flash Player is the latest, 10.3.181.34, and Chrome has .35

[log]
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Wersja bazy: 7248
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011-07-23 13:37:22
mbam-log-2011-07-23 (13-37-22).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 274696
Upłynęło: 56 minut(y), 53 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń)
Zainfekowanych folderów: (Nie znaleziono zagrożeń)
Zainfekowanych plików: (Nie znaleziono zagrożeń)
[/log]
wirusolog commented on 23 July 2011

Chrome has Flash built in. 34 is the latest version, so OK.