phiuz, posted 24 September 2011

Hello. I have a problem. Today I downloaded some dodgy copy of FIFA Manager 2011 and mounted its ISO image in Daemon. Unfortunately the installation failed, because a trojan kept popping up. So I decided to delete it, but I can't, because the system is supposedly using this file. I shut down Explorer and started Total Commander, but that didn't help either. The file can't be deleted; some kind of protection has to be removed. I have no more ideas for how to solve this problem. What should I do? Thanks in advance for any advice.

wirusolog, commented 24 September 2011

Which file exactly do you mean (give the exact file path)? Also post a log from [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL[/u][/color][/b][/url], just in case.

phiuz (author), commented 24 September 2011 (edited)

It is an ISO file, located in the Downloads (hp) folder. I can't delete it through regedit either.

[log]
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010-08-05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:[b]64bit:[/b] - [2010-07-21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:[b]64bit:[/b] - [2010-06-17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS) SRV - [2010-11-09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010-11-03 17:12:54 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010-06-19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-09-22 16:26:41 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-09-21 17:09:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2011-07-08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2011-04-27 02:51:48 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2011-03-31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2011-03-31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:[b]64bit:[/b] - [2011-03-15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:22:40 | 000,027,008 | ---- | 
M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-01-27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2011-01-27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2010-12-17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010-12-10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2010-12-10 11:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2010-12-10 08:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2010-12-08 23:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:[b]64bit:[/b] - [2010-12-02 06:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2010-09-03 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-06-17 15:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2010-05-15 20:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2010-05-15 20:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2010-05-06 15:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2010-04-29 14:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011-09-23 09:11:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSviA64.sys -- (IDSVia64) DRV - [2011-09-09 17:47:18 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2010-08-13 11:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS -- (NAVEX15) DRV - [2010-08-13 11:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010-08-13 11:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-08-13 11:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS -- (NAVENG) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.bing.com?pc=HPNTDF"]http://www.bing.com?pc=HPNTDF[/url] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = [url="http://www.bing.com?pc=HPNTDF"]http://www.bing.com?pc=HPNTDF[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.bing.com?pc=HPNTDF"]http://www.bing.com?pc=HPNTDF[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.bing.com?pc=HPNTDF"]http://www.bing.com?pc=HPNTDF[/url] IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.bing.com?pc=HPNTDF"]http://www.bing.com?pc=HPNTDF[/url] IE - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://search.conduit.com?SearchSource=10&ctid=CT2786678"]http://search.conduit.com?SearchSource=10&ctid=CT2786678[/url] IE - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-09-23 14:52:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011-09-24 10:40:39 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (Creative Team S.A.) 
O4 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2591046978-4148710149-1025695225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
[url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab[/url] (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C336A7A-3C2E-4542-9159-D4DCC2D3DA88}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-09-24 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011-09-24 11:37:08 | 000,000,000 | ---D | C] -- C:\totalcmd [2011-09-24 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\GHISLER [2011-09-23 19:33:27 | 000,000,000 | ---D | C] -- C:\Data [2011-09-23 16:36:34 | 000,000,000 | ---D | C] -- C:\Users\Hp\WapSter [2011-09-23 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WapSter [2011-09-23 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\INTERIAPL [2011-09-23 16:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WapSter [2011-09-23 15:41:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-09-22 16:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive [2011-09-22 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2011-09-22 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\Hp\Documents\Sports Interactive [2011-09-22 16:41:40 | 
000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Sports Interactive [2011-09-22 16:41:40 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Sports Interactive [2011-09-22 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011-09-22 16:30:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry [2011-09-22 16:29:54 | 000,000,000 | -H-D | C] -- C:\Users\Hp\InstallAnywhere [2011-09-22 16:26:41 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011-09-22 16:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011-09-22 16:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2011-09-22 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\DAEMON Tools Lite [2011-09-22 16:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011-09-22 09:16:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011-09-22 09:16:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011-09-22 07:32:20 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Microsoft Games [2011-09-21 21:29:16 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\CyberLink [2011-09-21 21:29:15 | 000,000,000 | ---D | C] -- C:\Users\Hp\Documents\Youcam [2011-09-21 21:29:15 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\CyberLink [2011-09-21 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2011-09-21 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\CrashDumps [2011-09-21 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Google [2011-09-21 19:39:27 | 000,000,000 | ---D | C] -- C:\extensions [2011-09-21 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2011-09-21 19:39:25 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Conduit [2011-09-21 19:39:24 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\uTorrentBar [2011-09-21 19:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2011-09-21 19:36:19 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\uTorrent [2011-09-21 19:36:19 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\uTorrent [2011-09-21 17:48:55 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\WildTangent [2011-09-21 17:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm [2011-09-21 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Last.fm [2011-09-21 17:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [2011-09-21 17:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm [2011-09-21 17:17:56 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\foobar2000 [2011-09-21 17:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000 [2011-09-21 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\WinRAR [2011-09-21 17:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-09-21 17:16:01 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-09-21 17:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2011-09-21 17:07:59 | 000,000,000 | ---D | C] -- C:\płydki [2011-09-21 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Diagnostics [2011-09-21 14:47:28 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Macromedia [2011-09-21 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Adobe [2011-09-21 14:47:17 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\_MDLogs [2011-09-16 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\AMD [2011-09-16 14:56:20 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\ATI [2011-09-16 14:56:20 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\ATI [2011-09-16 14:55:18 | 000,000,000 | ---D | C] -- 
C:\Users\Hp\AppData\Roaming\Synaptics [2011-09-16 14:55:06 | 000,000,000 | R--D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011-09-16 14:55:06 | 000,000,000 | R--D | C] -- C:\Users\Hp\Searches [2011-09-16 14:55:06 | 000,000,000 | R--D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011-09-16 14:55:00 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Identities [2011-09-16 14:54:58 | 000,000,000 | R--D | C] -- C:\Users\Hp\Contacts [2011-09-16 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\hpqlog [2011-09-16 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\RemEngine [2011-09-11 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Hewlett-Packard [2011-09-11 10:44:14 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Hewlett-Packard [2011-09-11 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Hewlett-Packard_Company [2011-09-11 10:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011-09-11 10:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011-09-11 10:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011-09-11 10:42:12 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\VirtualStore [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Ustawienia lokalne [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\AppData\Local\Temporary Internet Files [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Szablony [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\SendTo [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Recent [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\PrintHood [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\NetHood [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Documents\Moje wideo [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- 
C:\Users\Hp\Documents\Moje obrazy [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Moje dokumenty [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Documents\Moja muzyka [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Menu Start [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\AppData\Local\Historia [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Dane aplikacji [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\AppData\Local\Dane aplikacji [2011-09-11 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Hp\Cookies [2011-09-11 10:41:17 | 000,000,000 | --SD | C] -- C:\Users\Hp\AppData\Roaming\Microsoft [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Videos [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Saved Games [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Pictures [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Music [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Links [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Favorites [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Downloads [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Documents [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\Desktop [2011-09-11 10:41:17 | 000,000,000 | R--D | C] -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011-09-11 10:41:17 | 000,000,000 | -H-D | C] -- C:\Users\Hp\AppData [2011-09-11 10:41:17 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Temp [2011-09-11 10:41:17 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Local\Microsoft [2011-09-11 10:41:17 | 000,000,000 | ---D | C] -- C:\Users\Hp\AppData\Roaming\Media Center Programs [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2011-09-11 
10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2011-09-11 10:40:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-09-24 12:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-09-24 11:37:13 | 000,000,632 | ---- | M] () -- C:\Users\Hp\Desktop\Total Commander.lnk [2011-09-24 10:47:48 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-09-24 10:47:48 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-09-24 10:40:17 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2011-09-23 16:30:00 | 000,000,902 | ---- | M] () -- C:\Users\Hp\Desktop\AQQ.lnk [2011-09-23 15:00:42 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-09-23 15:00:42 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-09-23 15:00:42 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-09-23 15:00:42 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-09-23 15:00:42 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-09-23 14:17:53 | 001,744,948 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB [2011-09-22 16:26:41 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys 
[2011-09-22 16:26:37 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011-09-22 15:11:42 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2011-09-22 09:19:34 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Wybór przeglądarki.lnk [2011-09-22 09:18:34 | 000,275,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-09-21 19:39:04 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-09-21 19:20:01 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-09-21 19:19:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job [2011-09-21 17:22:51 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk [2011-09-21 17:09:40 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011-09-21 17:09:40 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011-09-21 17:09:40 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011-09-16 14:55:13 | 000,001,455 | ---- | M] () -- C:\Users\Hp\Desktop\Internet Explorer.lnk [2011-09-11 10:39:16 | 000,064,440 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011-09-11 10:39:16 | 000,064,440 | ---- | M] () -- C:\Windows\SysNative\license.rtf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-09-24 11:37:12 | 000,000,632 | ---- | C] () -- C:\Users\Hp\Desktop\Total Commander.lnk [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011-09-24 11:37:09 | 000,000,545 | ---- 
| C] () -- C:\Windows\ARJ.PIF [2011-09-23 16:30:00 | 000,000,902 | ---- | C] () -- C:\Users\Hp\Desktop\AQQ.lnk [2011-09-22 16:26:36 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011-09-22 15:11:41 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk [2011-09-22 09:19:34 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Wybór przeglądarki.lnk [2011-09-21 19:37:35 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-09-21 19:20:01 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011-09-21 17:22:50 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk [2011-09-21 17:17:38 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk [2011-09-19 07:52:37 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job [2011-09-16 14:55:13 | 000,001,421 | ---- | C] () -- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011-09-16 14:55:08 | 000,001,455 | ---- | C] () -- C:\Users\Hp\Desktop\Internet Explorer.lnk [2011-09-11 10:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011-04-27 02:54:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-04-27 02:44:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011-01-22 04:10:21 | 000,000,161 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011-01-22 04:02:19 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010-12-17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010-09-24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010-09-18 00:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- 
C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2009-07-14 07:08:49 | 000,008,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]
Sorry for the double post, but the log has been added.
wirusolog commented 24 September 2011 (edited)
Unfortunately, OTL does not show files in locations such as "Downloads". Unfortunately, the location of the file is still unknown to me. Maybe SystemLook will explain everything?
[hr]
Download -> [url=http://images.malwareremoval.com/jpshortstuff/SystemLook.exe][b][color=blue][u]SystemLook.exe[/u][/color][/b][/url]
Run it and paste this into the lower white box:
[quote]
:filefind
*.iso
.iso
[/quote]
Press [b]Look[/b] and show the report.
wirusolog commented 24 September 2011
It makes no difference how you post it; you can paste the report on wklej.org.
phiuz (Author) commented 24 September 2011
Can a search like this take long? It has been quite a while already and still nothing is showing up.
wirusolog commented 24 September 2011
Yes, it can take a long time. Even about an hour.
phiuz (Author) commented 24 September 2011
[url="http://wklej.org/id/598808/"]http://wklej.org/id/598808/[/url] here is the report
wirusolog commented 24 September 2011 (edited)
[quote]
Searching for "*.iso"
[b]C:\Users\Hp\Downloads\FiFa Manager 2011 - RELOADED VERSION+.Crack.iso[/b] --a---- -846321664 bytes [14:44 23/09/2011]
[/quote]
We have our "little stinker".
[hr]
[b]1.[/b] Run [b]OTL[/b] and paste this into the lower white box:
[code]
:processes
killallprocesses

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

:Files
C:\Users\Hp\Downloads\FiFa Manager 2011 - RELOADED VERSION+.Crack.iso

:Commands
[emptyflash]
[emptytemp]
[/code]
Click [b]Wykonaj Script[/b]. Show the report that appears after the restart.
[b]2.[/b] Uninstall the junk: [b]Conduit Ltd.[/b]
phiuz (Author) commented 24 September 2011 (edited)
[log]All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
========== FILES ==========
File move failed. C:\Users\Hp\Downloads\FiFa Manager 2011 - RELOADED VERSION+.Crack.iso scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Hp
->Flash cache emptied: 7890 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hp
->Temp folder emptied: 847479258 bytes
->Temporary Internet Files folder emptied: 53079792 bytes
->Java cache emptied: 390095 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7132619 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 866,00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 09242011_135245
Files\Folders moved on Reboot...
C:\Users\Hp\Downloads\FiFa Manager 2011 - RELOADED VERSION+.Crack.iso moved successfully.
C:\Users\Hp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF151B9EEA5869DD7D.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF17AF18514C8EB720.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF1816C2E9D8550434.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF1AE29BD393D8E45A.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF3DDE46CFB2078C7F.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF438FA28318A467AF.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DF73814C0440BE6CA6.TMP not found!
File\Folder C:\Users\Hp\AppData\Local\Temp\~DFB92FF9188D82F4B0.TMP not found!
Registry entries deleted on Reboot...
[/log]
Here is the report. The system did not find any ConduitLtd; there is only ConduitHelper. What should I do about that? It also cannot be uninstalled, because it is not in the Control Panel. Should I delete the folder from drive C, then? As with the ISO file, I cannot delete it.
wirusolog commented 24 September 2011
[quote] C:\Users\Hp\Downloads\FiFa Manager 2011 - RELOADED VERSION+.Crack.iso moved successfully. [/quote]
The file has been moved to OTL's quarantine.
[b]1.[/b] Uninstall [b]ConduitHelper[/b].
[b]2.[/b] Download [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/u][/color][/b][/url] and press [size=150][b]Clean[/b][/size] in it. Show the report from this tool.
phiuz (Author) commented 24 September 2011
Unfortunately, I was not able to uninstall ConduitHelper, and when I launch Ad-Remover, this pops up: NOT ADMINISTRATOR.
Guest commented 24 September 2011
Run Ad-Remover via right-click [b]as administrator[/b].
phiuz (Author) commented 24 September 2011
[log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:12:54 on 24/09/2011, Normal boot
Microsoft Windows 7 Home Premium (X64)
Hp@HP-HP (Hewlett-Packard HP Pavilion g6 Notebook PC)
============== ACTION(S) ==============
Folder deleted: C:\Users\Hp\AppData\Local\Conduit
Folder deleted: C:\Users\Hp\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files (x86)\Conduit
(!) -- Temporary files deleted.
Key deleted: HKLM\Software\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key deleted: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key deleted: HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key deleted: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key deleted: HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key deleted: HKLM\Software\Classes\Toolbar.CT2786678
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== ADDITIONNAL SCAN ==============
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - "uTorrentBar Toolbar" (C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll)
HKLM_URLSearchHooks|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - "uTorrentBar Toolbar" (C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll)
HKCU_SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} - "Ask.com" (hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF)
HKCU_SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - "Wikipedia" (hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms})
HKCU_SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} - "Web Search" (hxxp://startsear.ch/?aff=1&q={searchTerms})
HKLM_SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} - "Ask.com" (hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF)
HKLM_SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - "Wikipedia" (hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms})
HKCU_Toolbar\WebBrowser|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} (C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll)
HKCU_Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x)
HKLM_Toolbar|{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll)
HKLM_Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x)
HKLM_ElevationPolicy\{04C44D72-0FB2-40CD-BFA6-9BB56E71E4B9} - C:\Users\Hp\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{89B85129-72E6-45FB-B526-985F8ADEDD00} - C:\Program Files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Pomocnik logowania za pomocą identyfikatora Windows Live" (C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - "uTorrentBar Toolbar" (C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 24 File(s)
C:\Program Files (x86)\Ad-Remover\Backup: 13 File(s)
C:\Ad-Report-CLEAN[1].txt - 24/09/2011 16:13:10 (5963 Byte(s))
End at: 16:13:58, 24/09/2011
============== E.O.F ==============
[/log]
wirusolog commented 24 September 2011
Run SystemLook and paste this into the lower white box:
[quote]
:filefind
Conduit

:regfind
Conduit
[/quote]
Press [b]Look[/b] and wait until the report appears.
phiuz (Author) commented 2 October 2011
Sorry, but I forgot about this thread and only dug it up now.
[log]SystemLook 30.07.11 by jpshortstuff Log created at 10:41 on 02/10/2011 by Hp Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== filefind ========== Searching for "Conduit" No files found. ========== regfind ========== Searching for "Conduit" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit] [HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ConduitHelper] [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "GroupingServerURL"="http://grouping.services.conduit.com/" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "SearchServerUrl"="http://search.conduit.com" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "Server"="users.conduit.com" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "SocialDomains"="http://apps.conduit.com; http://social.conduit.com" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "ConduitHelperDialogsBaseURL"="http://dynamicdialogs.toolbar.conduit-services.com/conduithelper/dialogs/BitTorrentShort" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] 
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar] "AppsDetectionUrlPattern"="http://appdownload.conduit.com/" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678] [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppRegisterUsage] "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppsMetaData] "ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppsSettings] "ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppTrackingFirstTime] "ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppTrackingUsage] "ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppUninstallUsage] "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\BrowserToolbarsInfo] "ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ClientErrorLog] "ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx?op=ReportDiagnosticsEvent" 
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\DynamicDialogs] "ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\GottenAppsContextMenu] "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\HostingUsage] "ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\OtherAppsContextMenu] "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\SearchSettings] "ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\SharedAppsContextMenu] "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppComponentUsage] "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppUsage] "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarComponentUsage] "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarContextMenu] 
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarLogin] "ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettings] "ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettingsForPublisher] "ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettingsForSB] "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarTranslation] "ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarUninstall] "ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarUsage] "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\UninstallDialog] "ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION" [HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\UninstallDialogUsage] "ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx" 
-= EOF =- [/log]