almarjur, posted 3 June 2012
Hello! I have Windows 7 Home Premium 64-bit. A message appeared in the notification area telling me to turn on Kaspersky Internet Security 2012. I clicked to turn it on, but unfortunately it cannot be turned on. I have tried to turn it on in various ways, but without success. What could this be? How do I fix it? Regards
Antagoniss, commented 3 June 2012
Scan the computer with [url="http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button"]Mbam[/url]. It is possible that the cause is an infection, but it is even more likely that Norton is being blocked by another antivirus application with 'real time protection'. For example, Ad-Aware + Norton can cause problems.
almarjur (author), commented 4 June 2012 (edited)
[CODE]
Ochrona: Włączona
2012-06-04 19:30:06
mbam-log-2012-06-04 (19-52-58).txt
Typ skanowania: Pełne skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 363595
Upłynęło: 22 minut(y), 35 sekund(y)
Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych kluczy rejestru: 1
HKCR\CLSID\{dedbb410-30bd-5eb4-8555-c0ee0936e592} (Trojan.Agent) -> Nie wykonano akcji.
Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)
Wykryte wpisy rejestru systemowego: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Złe: (http://startsear.ch/?aff=1&cf=7561ef05-6e0e-11e1-bfc2-bc5ff40b878e) Dobre: (http://www.google.com) -> Nie wykonano akcji.
wykrytych folderów: 0
(Nie znaleziono zagrożeń)
Wykrytych plików: 3
C:\Users\Marcin\AppData\Local\ALLPlayer\Plugins\Scripter's Spectrum.svp (Trojan.Downloader) -> Nie wykonano akcji.
C:\Users\Marcin\Desktop\Nowy folder (4)\RMVBPlayerSetup.exe (PUP.Adware.RKN) -> Nie wykonano akcji.
C:\Users\Marcin\Desktop\Nowy folder (4)\Access 2007\Thinstall\MOEA2007\30000000a0300002i\MSACCESS.EXE (Trojan.IRCBot) -> Nie wykonano akcji.
(zakończone)
[/CODE]
I ran the scan and this is what came up. What should I do now? I would like to avoid formatting.
Antagoniss, commented 4 June 2012
Generate logs with OTL and RSIT, following the instructions in the guide in the header, and wait for help from a security specialist.
almarjur (author), commented 5 June 2012 (edited)
OTL log:
[log]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-05-03 18:24:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-05-03 18:24:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-05-03 18:24:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Program Files (x86)\2YourFace\ffextension [2012-04-21 22:17:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Program Files (x86)\2YourFace\ffextension [2012-04-21 22:17:26 | 000,000,000 | ---D | M] [2012-04-06 11:58:27 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: StartSearch Video plug-in = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\ CHR - Extension: YouTube = C:\Users\Marcin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ CHR - Extension: Facemoods = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\ CHR - Extension: Klawiatura wirtualna = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Gmail = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Blokowanie baner\u00F3w = C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files (x86)\2YourFace\bho.dll () O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll File not found O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll File not found O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe () O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-373178243-1113849388-1236114860-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-373178243-1113849388-1236114860-1000..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S2EF.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-373178243-1113849388-1236114860-1000..\Run: [EPSON SX410 Series (Kopia 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_SF2AA.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-373178243-1113849388-1236114860-1000..\Run: [RGSC] E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com) O8:[b]64bit:[/b] - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - 
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com) O9:[b]64bit:[/b] - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2642C5D-566B-40C7-AB2C-EFE5B0F43F41}: DhcpNameServer = 192.168.1.1 0.0.0.0 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-02-08 21:25:17 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-01-25 14:20:54 | 000,000,048 | R--- | M] () - N:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4f4139f7-62ec-11e1-b16a-bc5ff40b878e}\Shell - "" = AutoRun O33 - MountPoints2\{4f4139f7-62ec-11e1-b16a-bc5ff40b878e}\Shell\AutoRun\command - "" = N:\Starter.exe -- [2011-03-24 12:58:20 | 000,049,152 | R--- | M] () O33 - MountPoints2\{c2c689b7-6181-11e1-9831-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c2c689b7-6181-11e1-9831-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Prawko.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () MsConfig:64bit - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve 
Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - Service SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - 
IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - Service SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - 
Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-06-05 15:41:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- 
C:\Users\Marcin\Desktop\OTL.exe [2012-06-04 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Malwarebytes [2012-06-04 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-06-04 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-06-04 19:20:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-06-04 19:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-06-04 19:19:42 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marcin\Desktop\mbam-setup-1.61.0.1400.exe [2012-06-03 20:46:08 | 000,425,472 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\Marcin\Desktop\I9003_Odin3 v1.82.exe [2012-06-03 17:45:09 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\Nowy folder (4) [2012-06-03 11:42:36 | 000,000,000 | ---D | C] -- C:\Adjustment Program [2012-06-03 10:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Robot [2012-06-03 10:58:58 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Blitware [2012-06-03 10:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Robot [2012-06-03 10:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012-06-02 16:26:39 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Test Drive Unlimited [2012-06-02 16:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited [2012-05-19 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012-05-19 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Thinstall [2012-05-19 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\NFS Underground 2 [2012-05-18 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve [2012-05-05 08:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012-05-05 08:42:33 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\YouTube Downloader Toolbar [2012-05-05 08:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012-04-21 22:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor [2012-04-21 22:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2YourFace [2012-04-21 22:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012-04-21 22:17:04 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Babylon [2012-04-21 22:17:03 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Babylon [2012-04-21 22:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012-04-21 22:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro7 [2012-04-21 22:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metro7 [2012-04-15 19:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft [2012-04-15 19:04:01 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Archive Password Recovery [2012-04-15 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Archive Password Recovery [2012-04-15 19:00:32 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery [2012-04-15 19:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery [2012-04-15 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore [2012-04-15 12:04:43 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Desktop\I9000XXJVU_I9000OXAJVU_OXA [2012-04-15 12:01:55 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2012-04-15 12:01:55 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2012-04-15 12:01:55 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys 
[2012-04-15 12:01:55 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2012-04-15 12:01:55 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys [2012-04-15 12:01:55 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2012-04-15 12:01:55 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys [2012-04-15 12:01:38 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys [2012-04-15 12:01:38 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys [2012-04-15 12:01:38 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys [2012-04-15 12:01:38 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys [2012-04-15 12:01:38 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys [2012-04-15 12:01:38 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys [2012-04-15 12:01:38 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys [2012-04-15 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012-04-15 11:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012-04-15 11:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAMSUNG [2012-04-14 20:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsers Protector [2012-04-13 15:19:12 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Ubisoft Game Launcher [2012-04-13 15:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012-04-13 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\Assassin's Creed Revelations [2012-04-13 15:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012-04-13 15:15:02 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\MSI Afterburner [2012-04-13 15:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner [2012-04-13 15:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst [2012-04-11 09:55:41 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2012-04-11 09:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2012-04-11 09:55:40 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\VirtualDJ [2012-04-11 09:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2012-04-07 14:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-04-07 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Google [2012-04-07 14:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012-04-06 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\EA Games [2012-04-06 17:02:12 | 000,000,000 | ---D | C] -- C:\Users\Marcin\Documents\EA Games [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-06-05 15:46:15 | 003,670,016 | -HS- | M] () -- C:\Users\Marcin\ntuser.dat [2012-06-05 15:42:24 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-06-05 15:42:24 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-06-05 15:41:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin\Desktop\OTL.exe [2012-06-05 15:35:55 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-06-05 15:35:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-06-05 15:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-06-05 15:35:00 | 
3207,606,272 | -HS- | M] () -- C:\hiberfil.sys [2012-06-04 20:08:39 | 003,444,031 | -H-- | M] () -- C:\Users\Marcin\AppData\Local\IconCache.db [2012-06-04 19:26:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-06-04 19:23:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-06-04 19:20:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-06-04 19:19:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marcin\Desktop\mbam-setup-1.61.0.1400.exe [2012-06-03 21:25:41 | 002,847,578 | ---- | M] () -- C:\Users\Marcin\Desktop\1338679763czyszczenie-pociagu.gif [2012-06-03 21:00:15 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-06-03 21:00:15 | 000,697,752 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-06-03 21:00:15 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-06-03 21:00:15 | 000,134,862 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-06-03 21:00:15 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-06-03 16:13:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2012-05-20 00:02:43 | 000,021,504 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl [2012-05-19 23:47:20 | 000,524,288 | -HS- | M] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TMContainer00000000000000000002.regtrans-ms [2012-05-19 23:47:20 | 000,524,288 | -HS- | M] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TMContainer00000000000000000001.regtrans-ms [2012-05-19 23:47:18 | 000,065,536 | -HS- | M] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TM.blf [2012-05-19 23:39:26 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\umstartup000.etl [2012-05-19 23:39:24 | 137,485,590 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-05-10 09:43:58 | 000,312,472 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2012-04-22 10:31:01 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012-04-21 22:17:16 | 000,001,492 | ---- | M] () -- C:\user.js [2012-04-15 19:05:35 | 000,001,035 | ---- | M] () -- C:\Windows\ARCHPR.INI [2012-04-11 18:23:31 | 000,069,032 | ---- | M] () -- C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-04 19:20:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-06-03 21:25:41 | 002,847,578 | ---- | C] () -- C:\Users\Marcin\Desktop\1338679763czyszczenie-pociagu.gif [2012-06-03 20:46:12 | 000,001,744 | ---- | C] () -- C:\Users\Marcin\Desktop\s1_odin_20100512.pit [2012-06-03 10:58:58 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job [2012-05-19 23:47:20 | 000,524,288 | -HS- | C] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TMContainer00000000000000000002.regtrans-ms [2012-05-19 23:47:20 | 000,524,288 | -HS- | C] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TMContainer00000000000000000001.regtrans-ms [2012-05-19 23:47:18 | 000,065,536 | -HS- | C] () -- C:\Users\Marcin\ntuser.dat{129fc05f-a1fb-11e1-af72-bc5ff40b878e}.TM.blf [2012-05-19 23:39:24 | 137,485,590 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-04-21 22:17:14 | 000,001,492 | ---- | C] () -- C:\user.js [2012-04-15 19:04:05 | 000,001,035 | ---- | C] () -- C:\Windows\ARCHPR.INI [2012-04-13 15:15:02 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll [2012-04-07 14:13:32 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-04-07 14:13:32 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-03-14 21:47:31 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\578030db.exe [2012-03-08 09:51:34 | 000,079,360 | ---- | C] () -- 
C:\Windows\SysWow64\ff_vfw.dll [2012-03-08 09:48:30 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-03-08 09:48:30 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012-03-03 10:20:10 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012-03-03 10:20:10 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012-03-03 10:20:10 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012-03-03 10:20:10 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012-03-03 10:20:10 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012-03-03 10:20:10 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012-03-03 10:20:10 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012-03-03 10:20:10 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012-03-03 10:20:10 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012-03-03 10:20:10 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012-03-03 10:20:10 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012-03-03 10:20:10 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012-03-03 10:20:10 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012-03-03 10:20:10 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012-03-03 10:20:10 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012-03-03 10:20:10 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012-03-03 10:20:10 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012-03-03 10:20:10 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012-03-03 10:20:10 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012-03-01 17:35:35 | 
000,071,208 | ---- | C] () -- C:\Windows\PhysXLoader.dll [2012-02-28 16:38:55 | 000,017,408 | ---- | C] () -- C:\Users\Marcin\AppData\Local\WebpageIcons.db [2012-02-27 22:57:29 | 000,069,032 | ---- | C] () -- C:\Users\Marcin\AppData\Local\GDIPFONTCACHEV1.DAT [2012-02-27 22:57:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-02-27 22:53:39 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012-02-27 22:47:43 | 003,444,031 | -H-- | C] () -- C:\Users\Marcin\AppData\Local\IconCache.db [2011-04-09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== LOP Check ==========[/color] [2012-04-05 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\.minecraft [2012-04-21 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Babylon [2012-05-07 22:27:04 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\BitComet [2012-03-30 21:23:31 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\BlackBean [2012-06-03 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Blitware [2012-02-29 19:01:08 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\DAEMON Tools Lite [2012-02-28 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Opera [2012-04-06 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Origin [2012-05-19 21:12:36 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Thinstall [2012-03-03 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Marcin\AppData\Roaming\Unified Remote [2012-06-03 16:13:19 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2012-04-14 20:32:44 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-11-21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2012-02-27 22:28:36 
| 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012-06-05 15:35:00 | 3207,606,272 | -HS- | M] () -- C:\hiberfil.sys [2012-06-05 15:35:01 | 4276,809,728 | -HS- | M] () -- C:\pagefile.sys [2012-04-06 11:58:27 | 000,001,151 | ---- | M] () -- C:\prefs.js [2012-04-21 22:17:16 | 000,001,492 | ---- | M] () -- C:\user.js [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: 
CDROM.SYS >[/color] [2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010-11-21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2010-11-21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys [2010-11-21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < End of report > [/log] RSIT: [log] info.txt logfile of random's system information tool 1.09 2012-06-05 15:58:27 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} -->MsiExec /X{54194F60-988C-4D03-B922-C2B00EFDA39A} 2YourFace 1.0-->C:\Program Files (x86)\2YourFace\uninst.exe 
Adobe Reader 9.5.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A95000000001} Advanced Archive Password Recovery (remove only)-->C:\Program Files (x86)\ElcomSoft\ARCHPR\uninstall.exe Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228} Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} ALLPlayer V5.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe" Asmedia ASM104x USB 3.0 Host Controller Driver-->MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D} Assassins Creed Revelations 1.01-->"E:\Assassins Creed Revelations\uninstall\unins000.exe" Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0015 -removeonly Babylon toolbar on IE-->"C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe" Batman Arkham City version 1.0-->"E:\Batman Arkham City\uninstall\unins000.exe" Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67} BitComet 1.31-->C:\Program Files (x86)\BitComet\uninst.exe Browsers Protector-->C:\Program Files (x86)\Browsers Protector\uninstall.exe Catalyst Control Center - Branding-->MsiExec.exe /I{DDA34038-89BD-4804-B0B8-DC48D5DFB463} Contextual Tool Extrafind-->C:\Windows\system32\578030db.exe Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 
Counter-Strike™-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Driver Robot-->"C:\Program Files (x86)\Driver Robot\2.5.4.2\unins000.exe" EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r Epson Stylus SX210_SX410_TX210_TX410 Podręcznik-->C:\Program Files (x86)\EPSON\TPMANUAL\ESSX210_410_TX210_410\POL\USE_G\DOCUNINS.EXE Facemoods Toolbar-->"C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe" ffdshow v1.1.4342 [2012-02-28]-->"C:\Program Files (x86)\ffdshow\unins000.exe" FIFA 12 © EA version 1-->"E:\FIFA 12\unins000.exe" Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301} HydraVision-->MsiExec.exe /X{B80BE2E3-EA77-53D4-7A56-C53D452E6D50} Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall James Bond 007™ - Blood Stone-->"C:\Program Files (x86)\InstallShield Installation Information\{8A56A332-F833-45CF-9A20-6F3524054843}\setup.exe" -runfromtemp -l0x0409 -removeonly James Bond 007™ - Blood Stone-->MsiExec.exe /X{8A56A332-F833-45CF-9A20-6F3524054843} Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} Kaspersky Internet Security 2012-->MsiExec.exe /I{45E557D6-2271-4F13-8101-C620B4285AB0} Kaspersky Internet Security 2012-->MsiExec.exe /I{45E557D6-2271-4F13-8101-C620B4285AB0} REMOVEALLDATA=No SAVESETTINGS="" Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Metro 2033-->"C:\Program 
Files (x86)\Steam\steam.exe" steam://uninstall/43110 Metro7 version 1.0-->"C:\Program Files (x86)\Metro7\unins000.exe" Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF} Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0415-1000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} 
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {9CC96D78-9E1D-46E0-AF4D-3EB440CD4619} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe 
/X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Minecraft PC Gamer Demo version 1.5-->"C:\Program Files (x86)\Minecraft PC Gamer Demo\unins000.exe" MSI Afterburner 2.1.0-->"C:\Program Files (x86)\MSI Afterburner\uninstall.exe" Need For Speed SHIFT-->"E:\Need For Speed SHIFT\Uninstall\unins000.exe" Need for Speed™ SHIFT-->hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,58,00,7b,00,42,00,42,00,46,00,30,00,41,00,36,00,37,00,42,00,2d,00,35,00,44,00,42,00,41,00,2d,00,34,00,35,00,32,00,46,00,2d,00,39,00,44,00,32,00,45,00,2d,00,36,00,46,00,31,00,36,00,38,00,42,00,43,00,32,00,32,00,36,00,45,00,34,00,7d,00,00,00 NVIDIA PhysX-->MsiExec.exe /X{54194F60-988C-4D03-B922-C2B00EFDA39A} Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall Piłkarskie Mistrzostwa Świata 2002-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{13A1C880-672C-11D6-8520-00C0CA129740}\setup.exe" Pro Evolution Soccer 2012-->MsiExec.exe /X{E737A098-F161-4B6F-AF22-86AAE34F6FBD} RAR Password Recovery v1.1 RC17 (remove only)-->C:\Program Files (x86)\Intelore\RAR Password Recovery\uninstall.exe Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly RMVB Player 1.0.1-->"C:\Program Files (x86)\RMVB Player\unins000.exe" SAMSUNG CDMA Modem Driver Set-->C:\Program Files (x86)\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe SBK®2011 FIM Superbike World Championship-->"C:\Program Files (x86)\InstallShield Installation Information\{2BD71119-F980-4717-889B-6453DD96592F}\setup.exe" -runfromtemp -l0x0415 -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch 
{E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall 
{E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP StartSearch Toolbar 
1.3-->C:\Program Files (x86)\StartSearch plugin\uninst.exe Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubEdit-Player-->"C:\Program Files (x86)\SubEdit-Player\unins000.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG WinRAR 4.11 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe YouTube Downloader 3.5-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe" YouTube Downloader Toolbar v5.7-->MsiExec.exe /X{693E7C73-235F-4315-9626-00B8989F726B} ======System event log====== Computer Name: Glaudis Event Code: 62464 Message: UVD Information Record Number: 266532 Source Name: amdkmdag Time Written: 20120515184253.161526-000 Event Type: Informacje User: Computer Name: Glaudis Event Code: 62464 Message: UVD Information Record Number: 266531 Source Name: amdkmdag Time Written: 20120515184253.161526-000 Event Type: Informacje User: Computer Name: Glaudis Event Code: 62464 Message: UVD Information Record Number: 266530 
Source Name: amdkmdag Time Written: 20120515184253.148525-000 Event Type: Informacje User: Computer Name: Glaudis Event Code: 62464 Message: UVD Information Record Number: 266529 Source Name: amdkmdag Time Written: 20120515184253.148525-000 Event Type: Informacje User: Computer Name: Glaudis Event Code: 62464 Message: UVD Information Record Number: 266528 Source Name: amdkmdag Time Written: 20120515184253.148525-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247F27-25 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 5 Source Name: Microsoft-Windows-WMI Time Written: 20120227203019.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20120227203017.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 3 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20120227203013.633693-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247F27-25 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 2 Source Name: Microsoft-Windows-EventSystem Time Written: 20120227203013.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 1532 Message: Usługa profilów użytkowników została zatrzymana. 
Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101121035831.124372-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM =====Security event log===== Computer Name: 37L4247F27-25 Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120227203002.198873-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247F27-25$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1e4 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. 
Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120227203002.198873-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x31aa7 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120227202957.066464-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120227202954.898060-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120227202954.788860-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 -----------------EOF----------------- [/log] [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Marcin at 2012-06-05 15:58:22 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 6 GB (5%) free of 102 GB Total RAM: 4079 MB (58% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:58:26, on 2012-06-05 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Browsers Protector\regmon32.exe C:\Program 
Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Opera\opera.exe C:\Users\Marcin\Desktop\OTL.exe C:\Users\Marcin\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Marcin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://startsear.ch/?aff=1&cf=7561ef05-6e0e-11e1-bfc2-bc5ff40b878e"]http://startsear.ch/...c2-bc5ff40b878e[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll (file missing) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: C:\Program Files (x86)\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files (x86)\2YourFace\bho.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll O2 - BHO: BitComet 
ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll (file missing) O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll (file missing) O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" O4 - 
HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I O4 - HKLM\..\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [RGSC] E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S2EF.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON SX410 Series (Kopia 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_SF2AA.tmp" /EF "HKCU" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: &P&obierz &za pomocą BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel 
- res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. 
- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: Usługa Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown 
owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12040 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\Driver Robot.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] 2YourFace Addon - C:\Program Files (x86)\2YourFace\bho.dll [2012-03-21 85312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-25 86416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}] CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll [2011-09-05 265944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-22 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-22 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] IplexToALLPlayer - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [2011-02-09 400384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-25 229776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}] YouTube Downloader 
Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll [2011-09-05 220888] {98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680] {F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.7\youtubedownloaderToolbarIE.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304] "AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-25 202296] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] "facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [2011-09-05 362200] "Browsers Protector"=C:\Program Files (x86)\Browsers Protector\regmon32.exe [2012-02-15 147784] ""= [] "SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2012-04-23 983904] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RGSC"=E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408] "EPSON SX410 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [2008-10-02 223232] 
"EPSON SX410 Series (Kopia 1)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [2008-10-02 223232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "NoDriveTypeAutoRun"=28 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "VIDC.FFDS"=ff_vfw.dll "msacm.avis"=ff_acm.acm "VIDC.RTV1"=rtvcvfw32.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe 
"%1" %* ======List of files/folders created in the last 2 months====== 2012-06-05 15:58:23 ----D---- C:\Program Files (x86)\trend micro 2012-06-05 15:58:22 ----D---- C:\rsit 2012-06-04 19:20:49 ----D---- C:\Users\Marcin\AppData\Roaming\Malwarebytes 2012-06-04 19:20:46 ----D---- C:\ProgramData\Malwarebytes 2012-06-04 19:20:45 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-03 11:42:36 ----D---- C:\Adjustment Program 2012-06-03 10:58:58 ----D---- C:\Users\Marcin\AppData\Roaming\Blitware 2012-06-03 10:58:57 ----D---- C:\Program Files (x86)\Driver Robot 2012-06-03 10:37:54 ----D---- C:\ProgramData\HP 2012-06-02 16:26:36 ----D---- C:\ProgramData\Test Drive Unlimited 2012-05-20 00:01:11 ----A---- C:\Windows\ntbtlog.txt 2012-05-19 23:39:30 ----D---- C:\Windows\Minidump 2012-05-19 21:12:36 ----D---- C:\Users\Marcin\AppData\Roaming\Thinstall 2012-05-18 20:32:18 ----D---- C:\Program Files (x86)\Valve 2012-05-09 16:20:04 ----A---- C:\Windows\SysWOW64\DWrite.dll 2012-05-09 16:20:02 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-09 16:20:02 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-05 08:42:34 ----D---- C:\Program Files (x86)\Application Updater 2012-05-05 08:42:33 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar 2012-05-05 08:42:33 ----D---- C:\Program Files (x86)\Common Files\Spigot 2012-04-21 22:17:59 ----D---- C:\Program Files (x86)\hpmonitor 2012-04-21 22:17:26 ----D---- C:\Program Files (x86)\2YourFace 2012-04-21 22:17:15 ----D---- C:\Program Files (x86)\BabylonToolbar 2012-04-21 22:17:14 ----A---- C:\user.js 2012-04-21 22:17:03 ----D---- C:\Users\Marcin\AppData\Roaming\Babylon 2012-04-21 22:17:03 ----D---- C:\ProgramData\Babylon 2012-04-21 22:16:09 ----D---- C:\Program Files (x86)\Metro7 2012-04-15 19:04:05 ----A---- C:\Windows\ARCHPR.INI 2012-04-15 19:04:01 ----D---- C:\Program Files (x86)\ElcomSoft 2012-04-15 19:00:32 ----D---- C:\Program Files (x86)\Intelore 2012-04-15 12:01:23 ----D---- C:\ProgramData\Samsung 2012-04-15 
11:39:50 ----D---- C:\Program Files (x86)\SAMSUNG 2012-04-14 20:37:46 ----D---- C:\Program Files (x86)\Browsers Protector 2012-04-13 15:19:09 ----D---- C:\ProgramData\Ubisoft 2012-04-13 15:16:15 ----D---- C:\Program Files (x86)\Ubisoft 2012-04-13 15:14:55 ----D---- C:\Program Files (x86)\MSI Afterburner 2012-04-11 16:16:53 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\urlmon.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\url.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\jscript9.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\jscript.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\ieui.dll 2012-04-11 16:16:52 ----A---- C:\Windows\SysWOW64\iertutil.dll 2012-04-11 16:16:51 ----A---- C:\Windows\SysWOW64\wininet.dll 2012-04-11 16:16:51 ----A---- C:\Windows\SysWOW64\mshtml.dll 2012-04-11 16:16:51 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2012-04-11 16:16:50 ----A---- C:\Windows\SysWOW64\ieframe.dll 2012-04-11 16:15:36 ----A---- C:\Windows\SysWOW64\imagehlp.dll 2012-04-11 16:15:35 ----A---- C:\Windows\SysWOW64\wmi.dll 2012-04-11 16:15:35 ----A---- C:\Windows\SysWOW64\wintrust.dll 2012-04-11 09:55:40 ----D---- C:\Program Files (x86)\VirtualDJ 2012-04-07 14:13:20 ----D---- C:\Program Files (x86)\Google 2012-04-06 15:30:04 ----D---- C:\ProgramData\Origin 2012-04-06 15:28:45 ----D---- C:\Users\Marcin\AppData\Roaming\Origin 2012-04-06 15:28:44 ----D---- C:\ProgramData\Electronic Arts 2012-04-06 15:28:24 ----D---- C:\Program Files (x86)\Origin 2012-04-06 12:06:59 ----D---- C:\Program Files (x86)\SubEdit-Player 2012-04-06 11:58:27 ----D---- C:\Program Files (x86)\Mozilla Firefox 2012-04-06 11:58:27 ----A---- C:\prefs.js 2012-04-06 11:58:25 ----D---- C:\Program Files (x86)\facemoods.com 2012-04-06 11:57:41 ----D---- C:\Program Files (x86)\RMVB Player ======List of files/folders modified in the last 2 months====== 2012-06-05 15:58:24 ----D---- C:\Windows\Temp 2012-06-05 15:58:23 ----RD---- C:\Program Files 
(x86)
2012-06-05 15:40:38 ----SHD---- C:\Windows\Installer
2012-06-05 15:37:49 ----D---- C:\ProgramData\Kaspersky Lab
2012-06-05 15:37:13 ----A---- C:\Windows\SysWOW64\log.txt
2012-06-04 20:00:55 ----SHD---- C:\System Volume Information
2012-06-04 19:20:46 ----HD---- C:\ProgramData
2012-06-04 17:23:33 ----D---- C:\Program Files (x86)\Steam
2012-06-03 21:00:15 ----D---- C:\Windows\System32
2012-06-03 21:00:15 ----D---- C:\Windows\inf
2012-06-03 20:49:19 ----D---- C:\Windows\Prefetch
2012-06-03 11:34:28 ----D---- C:\ProgramData\EPSON
2012-06-03 10:58:58 ----D---- C:\Windows\Tasks
2012-05-20 13:50:25 ----D---- C:\Program Files (x86)\Common Files\Steam
2012-05-20 00:01:11 ----D---- C:\Windows
2012-05-19 23:44:12 ----D---- C:\Windows\SysWOW64
2012-05-19 23:44:10 ----D---- C:\Program Files (x86)\Common Files
2012-05-19 23:44:09 ----D---- C:\Windows\registration
2012-05-12 14:37:55 ----D---- C:\Program Files (x86)\Opera
2012-05-10 21:27:01 ----D---- C:\Windows\Microsoft.NET
2012-05-10 21:27:00 ----RSD---- C:\Windows\assembly
2012-05-10 09:44:17 ----D---- C:\Windows\winsxs
2012-05-09 22:46:05 ----D---- C:\ProgramData\Microsoft Help
2012-05-07 22:27:04 ----D---- C:\Users\Marcin\AppData\Roaming\BitComet
2012-05-07 15:36:34 ----D---- C:\Downloads
2012-05-05 17:26:20 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 17:26:13 ----A---- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-22 12:48:48 ----D---- C:\Program Files (x86)\v9Soft
2012-04-15 11:40:39 ----RD---- C:\Program Files
2012-04-13 15:16:15 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-12 21:54:32 ----D---- C:\Windows\Logs
2012-04-11 18:21:00 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-11 18:20:59 ----D---- C:\Windows\SysWOW64\migration
2012-04-11 09:55:42 ----RSD---- C:\Windows\Fonts
2012-04-06 17:16:31 ----D---- C:\Windows\SysWOW64\directx

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
S3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys []
S3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys []
S3 AsrCDDrv;AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys []
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys []
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys []
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys []
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-23 785304]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-18 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-12 126464]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 AVP;Usługa Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-25 202296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-05-20 529232]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
[/log]

Please check it :) I will be very grateful for your help.
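Added example (not part of the original thread): the driver and service rows in the log above follow the legend R=Running, S=Stopped plus a start type from 0 to 4, so a security service that is set to start automatically but is stopped can be picked out mechanically. The Python code below parses rows of that shape and reports watched services that are not in a healthy state; the watch list and the finding strings are assumptions made for this illustration, and the sample rows are copied from the log.

```python
import re
from collections import namedtuple

# Legend from the log header:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# file_date and size are None when the log shows empty brackets "[]".
Entry = namedtuple("Entry", "state start name display path file_date size")

def parse_entries(text):
    """Parse one-entry-per-line driver/service rows; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        meta = m["meta"].split()
        date, size = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
        entries.append(Entry(STATE[m["state"]], START[m["start"]], m["name"].strip(),
                             m["display"].strip(), m["path"], date, size))
    return entries

def audit(entries, watched):
    """Map each watched service name to a finding when it is not healthy."""
    by_name = {e.name.lower(): e for e in entries}
    findings = {}
    for name in watched:
        e = by_name.get(name.lower())
        if e is None:
            findings[name] = "not listed"
        elif e.start == "Disabled":
            findings[name] = "start type Disabled"
        elif e.state == "Stopped" and e.start in ("Boot", "System", "Auto"):
            findings[name] = f"{e.start} start but Stopped"
    return findings

# Rows copied from the log above, placed one entry per line.
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 AVP;Usługa Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-25 202296]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 136176]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
"""

if __name__ == "__main__":
    for name, finding in audit(parse_entries(SAMPLE), ["AVP", "MBAMService", "KLIF"]).items():
        print(f"{name}: {finding}")
```
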
Guest commented 5 June 2012
Start with a cleanup.
1. Uninstall Browser Protector from the Add/Remove Programs panel.
2. Download and run AdwCleaner with the [b]Delete[/b] option: http://general-changelog-team.fr/outils/289-adwcleaner
3. Uninstall Kaspersky (you have the old 2009 version) using the vendor's tool: http://support.kaspersky.com/faq/?qid=208279463
almarjur (Author) commented 5 June 2012
I ran AdwCleaner and this is what came up:
1) Removed.
2)
[log]
# AdwCleaner v1.608 - Logfile created 06/05/2012 at 21:09:37
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Marcin - GLAUDIS
# Running from : C:\Users\Marcin\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Marcin\AppData\Local\Babylon
Folder Deleted : C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Deleted : C:\Users\Marcin\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Marcin\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/?aff=1&cf=7561ef05-6e0e-11e1-bfc2-bc5ff40b878e --> hxxp://www.google.fr

-\\ Google Chrome v19.0.1084.52

File : C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "StartSearch Video plug-in",
Deleted : "name": "StartSearch Video plug-in",
Deleted : "path": "chvsharetvplg.dll",
Deleted : "explicit_host": [ "hxxp://*.facemoods.com/*" ],
Deleted : "css": [ "style/facemoods_chrome_1.0.1.css" ],
Deleted : "name": "Facemoods",
Deleted : "permissions": [ "tabs", "cookies", "hxxp://*.facemoods.com/" ],
Deleted : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",
Deleted : "homepage": "hxxp://search.babylon.com/?affID=110021&babsrc=HP_ss&mntrId=f69c210c000000000000bc5f[...]

-\\ Opera v11.64.1403.0

File : C:\Users\Marcin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5969 octets] - [05/06/2012 21:09:37]

########## EOF - C:\AdwCleaner[S1].txt - [6097 octets] ##########
[/log]
3) I had the 2012 version the whole time. I removed it with that program.
Can I install the antivirus again now? Or should I do something first?
Guest commented 5 June 2012
[quote]3) I had the 2012 version the whole time. I removed it with that program.[/quote]
Sorry. I made a mistake and looked at a different entry.
Before you install Kaspersky again:
1. Run [b]Malwarebytes[/b] and apply the [b]Delete[/b] action to all the registry entries it found.
2. Download [b]Farbar Service Scanner[/b], tick all the options and run a scan. Post the report. http://www.bleepingcomputer.com/download/farbar-service-scanner/
almarjur (Author) commented 5 June 2012 (edited)
Malwarebytes:
[log]
Malwarebytes Anti-Malware (Okres testowy) 1.61.0.1400
www.malwarebytes.org

Wersja bazy: v2012.06.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcin :: GLAUDIS [administrator]

Ochrona: Włączona

2012-06-05 21:37:27
mbam-log-2012-06-05 (21-37-27).txt

Typ skanowania: Pełne skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 491082
Upłynęło: 32 minut(y), 40 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)

Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 9
G:\Instalki\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\cod mw2\Phx_data\Res\ss.exe (Backdoor.Bot) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Fifa 08\SantiagoBernabeuStadiumPad[DJNEO22].exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Fifa 08\Fifa 08 Pack Patch by DJ NEO22\FIFA08WindowedPatch.exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Fifa 08\Fifa 08 Pack Patch by DJ NEO22\Ligue1Flagpackbycannibal.exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Fifa 08\Fifa 08 Pack Patch by DJ NEO22\MichaelCarrickFacebyVM.exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
G:\Instalki\Fifa 08\Fifa 08 Pack Patch by DJ NEO22\NetherlandsPatchFVMProjec8.exe (Adware.Onlinegames) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.

(zakończone)
[/log]
Farbar:
[log]
Farbar Service Scanner Version: 05-06-2012
Ran by Marcin (administrator) on 05-06-2012 at 22:24:43
Running from "C:\Users\Marcin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
[/log]
This is the log I got. Please check it.
almarjur (Author) commented 7 June 2012
I tried to install KIS, but unfortunately it cannot be done. When I try to install it, a window appears: "removing incompatible applications". Despite waiting several hours, it detects nothing and the installation does not go any further. I should add that after these steps the computer does not connect to the router at startup (there were no problems with this before). The only thing that helps is resetting the router and the computer several times. The problem does not occur on another computer.
Guest commented 7 June 2012
Start > Run > cmd, paste the command [b]netsh winsock reset[/b], press Enter > restart. Check whether the computer connects to the internet.