kanalistakp, posted 8 July 2012

Hello,

A new virus has recently appeared online, known as 'Weelsof' or something like that ('the computer has been locked due to a violation of Polish law'). In any case, using ComboFix is recommended. I am very distrustful of that, because I have read (on this forum) that the program is a last resort. That is why I have posted a log from OTL, and my question is: will you help me remove it using OTL alone? Let me say up front that I am a complete beginner, and thank you for any help.

And here is the log:

[log]OTL logfile created on: 2012-07-08 23:05:41 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,82% Memory free
4,19 Gb Paging File | 3,69 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 21,56 Gb Free Space | 17,97% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
PRC - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-02-03 19:53:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2011-02-03 19:46:35 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2006-11-02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2006-11-02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2006-11-02 11:45:37 | 000,044,544 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe PRC - [2006-11-02 11:45:21 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2006-11-02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe MOD - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe MOD - [2012-06-28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll MOD - [2012-06-28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll MOD - [2012-06-28 12:27:37 | 009,962,520 | ---- | M] (The ICU Project) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\icudt.dll MOD - [2012-06-28 12:27:31 | 036,733,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\chrome.dll MOD - [2012-06-28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll MOD - [2012-06-28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll MOD - [2012-06-28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll MOD - [2012-06-28 10:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll MOD - [2012-01-09 16:27:56 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll MOD - [2011-10-10 12:09:26 | 000,555,168 | ---- | M] (Skype Technologies S.A.) 
-- C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2011-02-05 09:57:40 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2011-02-03 20:41:11 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2011-02-03 20:39:40 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-02-03 20:39:38 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2011-02-03 20:39:32 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2011-02-03 20:39:31 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-02-03 20:36:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll MOD - [2011-02-03 20:34:56 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2011-02-03 20:34:56 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll MOD - [2011-02-03 20:31:23 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll MOD - [2011-02-03 20:31:23 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2011-02-03 20:29:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2011-02-03 20:17:21 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2011-02-03 20:08:27 | 000,713,728 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\timedate.cpl MOD - [2011-02-03 20:06:40 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll MOD - [2011-02-03 20:05:49 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2011-02-03 20:03:56 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll MOD - [2011-02-03 20:01:23 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2011-02-03 19:53:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2011-02-03 19:53:52 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll MOD - [2011-02-03 19:51:44 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll MOD - [2011-02-03 19:51:40 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll MOD - [2011-02-03 19:48:25 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2011-02-03 19:48:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2011-02-03 19:47:59 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2011-02-03 19:46:35 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll MOD - [2011-02-03 19:40:35 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-02-03 19:39:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2011-02-03 19:38:55 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2011-02-03 19:37:40 | 000,204,800 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2011-02-03 19:37:40 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2011-02-03 19:37:39 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll MOD - [2011-02-03 19:31:29 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2011-02-03 18:55:18 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2011-02-03 18:54:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2011-02-03 18:54:30 | 000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2011-02-03 18:52:19 | 000,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2011-02-03 18:51:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2010-03-15 12:28:22 | 000,142,336 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006-11-02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006-11-02 14:35:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2006-11-02 14:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll MOD - [2006-11-02 14:35:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006-11-02 14:34:48 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2006-11-02 14:34:48 | 000,175,616 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll MOD - [2006-11-02 14:34:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006-11-02 14:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2006-11-02 14:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll MOD - [2006-11-02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2006-11-02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2006-11-02 11:46:16 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll MOD - [2006-11-02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2006-11-02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2006-11-02 11:46:14 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2006-11-02 11:46:14 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2006-11-02 11:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2006-11-02 11:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2006-11-02 11:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2006-11-02 11:46:14 
| 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006-11-02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2006-11-02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006-11-02 11:46:13 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2006-11-02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2006-11-02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2006-11-02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2006-11-02 11:46:13 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2006-11-02 11:46:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2006-11-02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006-11-02 11:46:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll MOD - [2006-11-02 11:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006-11-02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2006-11-02 11:46:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll MOD - [2006-11-02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD 
- [2006-11-02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2006-11-02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2006-11-02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2006-11-02 11:46:12 | 001,822,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2006-11-02 11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2006-11-02 11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2006-11-02 11:46:12 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2006-11-02 11:46:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2006-11-02 11:46:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2006-11-02 11:46:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2006-11-02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2006-11-02 11:46:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2006-11-02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2006-11-02 11:46:12 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2006-11-02 11:46:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2006-11-02 11:46:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll MOD - [2006-11-02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\npmproxy.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll MOD - [2006-11-02 11:46:11 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - [2006-11-02 11:46:11 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll MOD - [2006-11-02 11:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2006-11-02 11:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2006-11-02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2006-11-02 11:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2006-11-02 11:46:10 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2006-11-02 11:46:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll MOD - [2006-11-02 11:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006-11-02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2006-11-02 11:46:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2006-11-02 11:46:05 | 000,543,232 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\FWPUCLNT.DLL MOD - [2006-11-02 11:46:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2006-11-02 11:46:05 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2006-11-02 11:46:05 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2006-11-02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2006-11-02 11:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2006-11-02 11:46:05 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2006-11-02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006-11-02 11:46:04 | 000,445,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2006-11-02 11:46:04 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2006-11-02 11:46:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2006-11-02 11:46:04 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2006-11-02 11:46:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll MOD - [2006-11-02 11:46:03 | 000,454,656 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2006-11-02 11:46:03 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll MOD - [2006-11-02 11:46:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2006-11-02 11:46:03 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll MOD - [2006-11-02 11:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2006-11-02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll MOD - [2006-11-02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2006-11-02 11:46:02 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2006-11-02 11:46:02 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2006-11-02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2006-11-02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2006-11-02 11:46:02 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2006-11-02 11:46:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006-11-02 11:44:42 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2006-11-02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2006-11-02 11:44:42 | 000,168,448 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll MOD - [2006-11-02 11:38:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011-02-03 20:21:46 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [Kernel | System | Stopped] -- -- (aswSP) DRV - File not found [Kernel | System | Stopped] -- -- (aswRdr) DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk) DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex) DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt) DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sym2k.sys -- (sym2k) DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://home.sweetim.com/?crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - 
HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=kno&s={searchTerms}&f=4 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=14976849000000000000001a4d5092c9 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - 
HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "SFT_Polska Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "SweetIM Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..extensions.enabledItems: 
add-to-searchbox@maltekraus.de:2.0 FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1 FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6 FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.1.830 FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7 FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1 FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1 FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6 FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - 
prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031817&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-15 11:58:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M] [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions [2012-06-22 23:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80} [2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- 
C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137} [2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011-04-09 19:59:33 | 000,000,000 | ---D | M] (Billeo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a} [2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} [2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2011-10-22 21:28:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} [2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} [2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011-08-26 22:55:19 | 000,000,000 | ---D | M] (DealPly) -- 
C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-05-25 20:44:00 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de [2011-04-17 07:16:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\engine@conduit.com [2011-11-08 08:44:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\ffxtlbr@babylon.com [2011-08-27 14:06:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\ffxtlbr@Facemoods.com [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca [2012-05-25 20:44:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\plugin@yontoo.com [2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com [2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com [2011-08-04 10:31:04 | 000,000,923 | ---- | M] () -- 
C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\conduit.xml [2011-10-22 21:28:50 | 000,002,520 | ---- | M] () -- C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\SearchResults.xml [2012-05-27 12:28:19 | 000,004,113 | ---- | M] () -- C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\sweetim.xml [2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-10-15 11:58:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-11 16:10:39 | 000,002,298 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-08-27 16:00:09 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-10-22 21:28:50 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = 
C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: avast! 
WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (SFT_Polska Toolbar) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SFT_Polska Toolbar) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lineage II Freya PL.lnk - - File not found MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestrowanie produktów Corela.lnk - - File not found MsConfig - StartUpFolder: 
C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) MsConfig - StartUpReg: [b]avast5[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Best Malware Protection[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: [b]DATAMNGR[/b] - hkey= - key= - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) MsConfig - StartUpReg: [b]EA Core[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ehTray.exe[/b] - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]facemoods[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) 
MsConfig - StartUpReg: [b]PKTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ProfilerU[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) MsConfig - StartUpReg: [b]SaiMfd[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek) MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]Spol[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]WINKL[/b] - hkey= - key= - File not found MsConfig - State: "startup" - 1 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc 
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp [2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe 
[2012-07-08 12:25:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix [2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto [2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real [2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005 [2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11 [2012-06-22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12 [2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports [2012-06-22 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports [2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-05-25 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012-05-25 20:44:28 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Tarma Installer [2012-05-25 20:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012-05-25 20:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre [2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-07-08 23:04:10 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT [2012-07-08 23:02:38 | 000,801,306 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-07-08 23:02:38 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-07-08 23:02:38 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-07-08 23:02:38 | 000,085,832 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-07-08 23:02:38 | 000,012,232 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 22:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-08 19:26:26 | 4161,796,060 | ---- | M] () -- C:\Windows\System32\ir3cache.dll [2012-07-08 19:25:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-07-08 19:25:05 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012-07-08 19:24:10 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-08 19:24:10 | 000,003,952 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-08 19:24:07 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-08 12:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-08 12:01:12 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-07-08 12:01:11 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-07-06 16:06:01 | 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- 
C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk [2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-01-15 01:21:26 | 4161,796,060 | ---- | C] () -- C:\Windows\System32\ir3cache.dll [2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys [2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys [2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys [2012-01-15 01:19:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\mswcom.dat.dll [2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe [2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll [2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll [2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys [2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll [2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat [2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- C:\Windows\System32\mswrnpore.dll [2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT [2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- 
C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat [2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat [2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat [2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat [2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll [2011-02-24 23:08:08 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat [2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [color=#E56717]========== LOP Check ==========[/color] [2011-11-08 08:44:41 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Babylon [2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer [2012-07-08 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent [2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre [2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite [2012-07-08 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles [2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10 [2011-03-07 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN [2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo [2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- 
C:\Users\POPR\AppData\Roaming\gtk-2.0 [2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto [2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla [2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech [2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\LogoMaker [2011-02-20 18:20:12 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\OpenCandy [2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera [2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin [2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape [2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files [2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer [2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM [2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys [2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client [2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue [2012-07-08 19:25:05 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012-07-08 19:25:35 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009-12-09 19:33:06 | 000,000,197 | ---- | M] () -- C:\csb.log [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007-11-07 08:00:40 | 
000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-03-17 18:50:58 | 000,000,143 | ---- | M] () -- C:\KWINST.LOG [2010-11-04 19:30:38 | 000,173,568 | RHS- | M] () -- C:\l10.exe [2010-04-17 20:08:36 | 000,127,488 | RHS- | M] () -- C:\lhhr8.exe [2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-21 20:20:49 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml [2010-03-14 19:29:24 | 000,116,736 | RHS- | M] () -- C:\nhx.exe [2012-07-08 22:39:29 | 2459,828,224 | -HS- | M] () 
-- C:\pagefile.sys [2009-12-09 19:33:06 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log [2012-03-11 16:10:45 | 000,000,310 | ---- | M] () -- C:\user.js [2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2010-10-17 19:25:15 | 000,175,104 | RHS- | M] () -- C:\wq.exe [2010-03-16 18:01:00 | 000,119,808 | RHS- | M] () -- C:\y6cqb2is.exe [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\System32\drivers\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft 
Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807 < End of report > [/log]
Extras:
[log]OTL Extras logfile created on: 2012-07-08 23:05:41 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,82% Memory free 4,19 Gb Paging File | 3,69 Gb Available in Paging File | 87,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 120,00 Gb Total Space | 21,56 Gb Free Space | 17,97% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS Computer Name: POPR-PC |
User Name: POPR | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{151C44B5-B7E0-4CB8-9CF2-36057B878D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1ABCAAFA-A530-49A4-9CB9-39CBD3F73D92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{45290CE1-6D2F-49D1-9EF4-26721A5F9C90}" = lport=139 | protocol=6 | dir=in | app=system | "{7DDAC2ED-FA3B-4188-8287-623E84296F38}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{84C3631D-34F2-4BEE-9CF0-EA1D54182822}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{91FEE5AB-8BBD-40F9-8B7D-F927CE6EF13F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9246EB36-1B4C-4CEF-B852-BCBBDF228209}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{94ABC80D-D5B7-4CDE-B800-2E61DC9C5FD0}" = lport=137 | protocol=17 | dir=in | app=system | "{AA217ECC-E363-4FC0-9884-3D2B7FC7C81B}" = rport=137 | protocol=17 | dir=out | app=system | "{AC95357E-D414-46AA-AB4D-EA7486719138}" = rport=445 | protocol=6 | dir=out | app=system | "{B645F3C4-F28A-4A8D-AF15-3423F77E505A}" = lport=138 | protocol=17 | dir=in | app=system | "{B92551B1-E77A-49D0-BABD-110AE4BC25B4}" = rport=138 | protocol=17 | dir=out | app=system | "{B976DDF0-AFB7-413F-A7B3-CF90FA599A2D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0CFF3BA-30F0-4A7B-9D15-8DB4F1F478EB}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009ED2A7-39CF-4D58-AF1A-D95B8A998842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{06885876-3DEE-45BA-80A0-FE6DA92A3773}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{0EBD0235-A6C6-4A3D-B9CD-475538D8BEDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe | "{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{1B1E6320-63E1-49B9-ADD5-356DD50AAD65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1BEABCCC-7AC2-47DE-8A51-EA2571C8A66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe | "{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{48306E55-68E2-414B-A9B6-567004DF7BB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | 
app=c:\program files\bittorrent\bittorrent.exe | "{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe | "{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{9312A5FA-F014-400D-A118-F95D721912EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{BC12A978-F418-4218-80DC-9B64DFCD679D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{D7032544-596C-44EB-9A56-6A16C72304A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe | "{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe | "TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe | "TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe | "TCP Query 
User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe | "TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe | "TCP Query 
User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe | "UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe | "UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod2\cod2mp_s.exe | "UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "UDP Query 
User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe | "UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe | "UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query 
User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "UDP Query User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5 "{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{531336A9-55EB-4367-8064-7180849D5676}" = calibre "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU "{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1 "{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Free Antivirus "BitTorrent" = BitTorrent "BitTorrentBar Toolbar" = BitTorrentBar Toolbar "Catching Features Demo" = Catching Features Demo (remove only) "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "conduitEngine" = Conduit Engine "DAEMON Tools Lite" = DAEMON Tools Lite "DealPly" = DealPly "facemoods" = Facemoods Toolbar "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości "GOM Player" = GOM Player "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "iLivid" = iLivid "InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Logo Design Studio2.1.31" = Logo Design Studio "LogoMaker_is1" = LogoMaker 3.0 "MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — 
PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23) "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 12.00.1467" = Opera 12.00 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "PIT Format 2011_is1" = PIT Format 2011 "Postal 2" = Postal 2 "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "SearchCore for Browsers" = SearchCore for Browsers "Searchqu 406 MediaBar" = Windows iLivid Toolbar "SFT_Polska Toolbar" = SFT_Polska Toolbar "Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya "Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Test Drive Unlimited 2_is1" = Test Drive Unlimited 2 "UEFA EURO 2012_is1" = UEFA EURO 2012 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ExpressFiles" = ExpressFiles "FoxTab FLV Player" = FoxTab FLV Player "MyPaint" = MyPaint 0.9.1 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-03 05:36:15 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2012-07-03 06:31:03 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mm.exe, wersja 2.2.0.2, sygnatura czasowa 0x00000000, moduł powodujący błąd kernel32.dll, wersja 6.0.6000.16820, sygnatura czasowa 0x49952034, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004fcac, identyfikator procesu 0x1790, godzina 
rozpoczęcia aplikacji 0x01cd5906e5c51f94. Error - 2012-07-04 14:19:59 | Computer Name = POPR-PC | Source = Application Hang | ID = 1002 Description = Program opera.exe w wersji 12.0.1467.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: ce8 Godzina rozpoczęcia: 01cd5a0bf547b7a2 Godzina zakończenia: 85 Error - 2012-07-05 09:23:47 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6000.16771, sygnatura czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x05ba6a80, identyfikator procesu 0x76c, godzina rozpoczęcia aplikacji 0x01cd5aa69f00223f. Error - 2012-07-05 09:45:21 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.6000.16771, sygnatura czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x047c6a80, identyfikator procesu 0xdb0, godzina rozpoczęcia aplikacji 0x01cd5ab16b03df2f. 
Error - 2012-07-08 06:02:36 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 06:26:08 | Computer Name = POPR-PC | Source = System Restore | ID = 8193 Description = Error - 2012-07-08 06:47:27 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 16:39:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 16:46:14 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd IEFRAME.dll, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b7a38, kod wyjątku 0xc0000005, przesunięcie błędu 0x001cfd36, identyfikator procesu 0x614, godzina rozpoczęcia aplikacji 0x01cd5d4a9c251835. [ System Events ] Error - 2011-08-09 02:01:27 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 01:17:56 na 2011-08-09 było nieoczekiwane. Error - 2011-08-09 02:01:28 | Computer Name = POPR-PC | Source = Dhcp | ID = 1002 Description = Serwer DHCP 192.168.2.1 odmówił dzierżawy adresu IP 192.168.2.100 dla karty sieciowej o adresie 001A4D5092C9. (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2011-08-09 10:30:08 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 14:52:09 na 2011-08-09 było nieoczekiwane. Error - 2011-08-11 19:32:18 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 01:30:41 na 2011-08-12 było nieoczekiwane. Error - 2011-08-21 07:41:44 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 13:39:41 na 2011-08-21 było nieoczekiwane. Error - 2011-08-21 10:27:53 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:25:40 na 2011-08-21 było nieoczekiwane. 
< End of report > [/log]
Guest comment 9 July 2012
Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] box:
[code]:Files
C:\l10.exe
C:\lhhr8.exe
C:\nhx.exe
C:\wq.exe
C:\y6cqb2is.exe
C:\Windows\SWREG.exe
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....E-001A4D5092C9}
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031817&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
:Commands
[emptyflash]
[emptytemp][/code]
Click [b]Run Fix[/b].
Download AdwCleaner and use the [b]Delete[/b] option: http://general-changelog-team.fr/outils/289-adwcleaner
After the removal, run a new OTL scan and post the report.
kanalistakp comment 9 July 2012 Author (edited)
Here are the next logs:
OTL:
[log]OTL logfile created on: 2012-07-09 21:30:36 - Run 2 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,22% Memory free 4,19 Gb Paging File | 3,82 Gb Available in Paging File | 91,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 120,00 Gb Total Space | 22,73 Gb Free Space | 18,94% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe PRC - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-02-03 19:53:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2011-02-03 19:46:35 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2006-11-02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2006-11-02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2006-11-02 11:45:21 | 000,210,944 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2006-11-02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-07-09 21:29:17 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe MOD - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe MOD - [2012-06-28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll MOD - [2012-06-28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll MOD - [2012-06-28 12:27:37 | 009,962,520 | ---- | M] (The ICU Project) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\icudt.dll MOD - [2012-06-28 12:27:31 | 036,733,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\chrome.dll MOD - [2012-06-28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll MOD - [2012-06-28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll MOD - [2012-06-28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) 
-- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2011-02-05 09:57:40 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2011-02-03 20:41:11 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2011-02-03 20:39:40 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-02-03 20:39:38 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2011-02-03 20:39:32 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2011-02-03 20:39:31 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-02-03 20:36:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll MOD - [2011-02-03 20:34:56 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2011-02-03 20:34:56 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll MOD - [2011-02-03 20:31:23 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll MOD - [2011-02-03 20:31:23 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2011-02-03 20:29:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2011-02-03 20:28:28 | 001,260,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2011-02-03 20:17:21 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2011-02-03 20:08:27 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl MOD - [2011-02-03 
20:06:40 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll MOD - [2011-02-03 20:05:49 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2011-02-03 20:03:56 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll MOD - [2011-02-03 20:01:23 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2011-02-03 19:53:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2011-02-03 19:51:44 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll MOD - [2011-02-03 19:51:40 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll MOD - [2011-02-03 19:48:25 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2011-02-03 19:48:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2011-02-03 19:47:59 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2011-02-03 19:46:35 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll MOD - [2011-02-03 19:40:35 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-02-03 19:39:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2011-02-03 19:38:55 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2011-02-03 19:37:40 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2011-02-03 19:37:40 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - 
[2011-02-03 19:37:39 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll MOD - [2011-02-03 19:31:29 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2011-02-03 18:55:18 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2011-02-03 18:54:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2011-02-03 18:54:30 | 000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2011-02-03 18:52:19 | 000,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2011-02-03 18:51:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2006-11-02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006-11-02 14:35:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2006-11-02 14:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll MOD - [2006-11-02 14:35:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006-11-02 14:34:48 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006-11-02 14:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\IconCodecService.dll MOD - [2006-11-02 14:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll MOD - [2006-11-02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2006-11-02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2006-11-02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2006-11-02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2006-11-02 11:46:14 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2006-11-02 11:46:14 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2006-11-02 11:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2006-11-02 11:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2006-11-02 11:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2006-11-02 11:46:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006-11-02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2006-11-02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006-11-02 11:46:13 | 000,586,752 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2006-11-02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2006-11-02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2006-11-02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2006-11-02 11:46:13 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2006-11-02 11:46:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2006-11-02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006-11-02 11:46:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll MOD - [2006-11-02 11:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006-11-02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2006-11-02 11:46:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll MOD - [2006-11-02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2006-11-02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2006-11-02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2006-11-02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2006-11-02 11:46:12 | 001,822,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2006-11-02 11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2006-11-02 
11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2006-11-02 11:46:12 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2006-11-02 11:46:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2006-11-02 11:46:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2006-11-02 11:46:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2006-11-02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2006-11-02 11:46:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2006-11-02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2006-11-02 11:46:12 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2006-11-02 11:46:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2006-11-02 11:46:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll MOD - [2006-11-02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll MOD - [2006-11-02 11:46:11 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - 
[2006-11-02 11:46:11 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll MOD - [2006-11-02 11:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2006-11-02 11:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2006-11-02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2006-11-02 11:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2006-11-02 11:46:10 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2006-11-02 11:46:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll MOD - [2006-11-02 11:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006-11-02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2006-11-02 11:46:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2006-11-02 11:46:05 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL MOD - [2006-11-02 11:46:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2006-11-02 11:46:05 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2006-11-02 11:46:05 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2006-11-02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2006-11-02 11:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD 
- [2006-11-02 11:46:05 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2006-11-02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006-11-02 11:46:04 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2006-11-02 11:46:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2006-11-02 11:46:04 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll MOD - [2006-11-02 11:46:04 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2006-11-02 11:46:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll MOD - [2006-11-02 11:46:03 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2006-11-02 11:46:03 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll MOD - [2006-11-02 11:46:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2006-11-02 11:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2006-11-02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\batmeter.dll MOD - [2006-11-02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2006-11-02 11:46:02 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2006-11-02 11:46:02 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2006-11-02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2006-11-02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2006-11-02 11:46:02 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2006-11-02 11:46:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006-11-02 11:44:42 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2006-11-02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2006-11-02 11:44:42 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011-02-03 20:21:46 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [Kernel | System | Stopped] -- -- (aswSP) DRV - File not found [Kernel | System | Stopped] -- -- (aswRdr) DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk) DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex) DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt) DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Stopped] -- 
C:\Windows\System32\drivers\sym2k.sys -- (sym2k) DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - 
HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"http://www.gazeta.pl/0,0.html?p=128" FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0 FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1 FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6 FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.1.830 FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7 FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1 FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1 FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6 FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289 FF - prefs.js..extensions.enabledItems: 
{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dllt_Writer.print_unwriteable_margin_top", 0); File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-15 11:58:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M] [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions [2012-07-09 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80} [2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- 
C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137} [2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} [2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} [2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} [2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca 
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com [2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com [2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-10-15 11:58:48 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{4BE68A18-DEBA-49E0-9E09-EE7796F3B62A} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: 
Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: avast! 
WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found. O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) 
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] 
[2012-07-09 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-08 23:21:55 | 160,919,016 | ---- | C] (Kaspersky Lab) -- C:\Users\POPR\Desktop\kis12.0.0.374pl_pl.exe [2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp [2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix [2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto [2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real [2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005 [2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11 [2012-06-22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12 [2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports [2012-06-22 20:23:10 | 
000,000,000 | ---D | C] -- C:\Program Files\EA Sports [2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre [2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-07-09 21:28:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-09 21:27:15 | 4161,843,110 | ---- | M] () -- C:\Windows\System32\ir3cache.dll [2012-07-09 21:27:06 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT [2012-07-09 21:27:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-07-09 21:26:44 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012-07-09 21:26:12 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-07-09 21:26:11 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-07-09 21:26:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-09 21:26:00 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-09 21:26:00 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-09 21:18:49 | 000,618,655 | ---- | M] () -- C:\Users\POPR\Desktop\adwcleaner.exe [2012-07-09 21:12:40 
| 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2012-07-08 23:30:15 | 160,919,016 | ---- | M] (Kaspersky Lab) -- C:\Users\POPR\Desktop\kis12.0.0.374pl_pl.exe [2012-07-08 23:02:38 | 000,801,306 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-07-08 23:02:38 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-07-08 23:02:38 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-07-08 23:02:38 | 000,085,832 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-07-08 23:02:38 | 000,012,232 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 12:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-09 21:18:46 | 000,618,655 | ---- | C] () -- C:\Users\POPR\Desktop\adwcleaner.exe [2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- 
C:\Windows\zip.exe [2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk [2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-01-15 01:21:26 | 4161,843,110 | ---- | C] () -- C:\Windows\System32\ir3cache.dll [2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys [2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys [2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys [2012-01-15 01:19:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\mswcom.dat.dll [2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe [2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll [2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll [2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys [2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll [2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat [2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- 
C:\Windows\System32\mswrnpore.dll [2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT [2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat [2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat [2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat [2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat [2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll [2011-02-24 23:08:08 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat [2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [color=#E56717]========== LOP Check ==========[/color] [2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer [2012-07-09 21:26:44 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent [2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre [2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite [2012-07-09 21:12:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles [2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10 [2011-03-07 22:14:51 | 000,000,000 | 
---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN
[2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo
[2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\gtk-2.0
[2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla
[2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech
[2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\LogoMaker
[2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera
[2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin
[2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape
[2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer
[2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys
[2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client
[2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue
[2012-07-09 21:26:44 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012-07-09 21:27:07 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807

< End of report >
[/log]

Extras:

[log]OTL Extras logfile created on: 2012-07-09 21:30:36 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,22% Memory free 4,19 Gb Paging File | 3,82 Gb Available in Paging File | 91,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 120,00 Gb Total Space | 22,73 Gb Free Space | 18,94% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile 
[open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" 
= 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{151C44B5-B7E0-4CB8-9CF2-36057B878D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1ABCAAFA-A530-49A4-9CB9-39CBD3F73D92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{45290CE1-6D2F-49D1-9EF4-26721A5F9C90}" = lport=139 | protocol=6 | dir=in | app=system | "{7DDAC2ED-FA3B-4188-8287-623E84296F38}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{84C3631D-34F2-4BEE-9CF0-EA1D54182822}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{91FEE5AB-8BBD-40F9-8B7D-F927CE6EF13F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9246EB36-1B4C-4CEF-B852-BCBBDF228209}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{94ABC80D-D5B7-4CDE-B800-2E61DC9C5FD0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA217ECC-E363-4FC0-9884-3D2B7FC7C81B}" = rport=137 | protocol=17 | dir=out | app=system | "{AC95357E-D414-46AA-AB4D-EA7486719138}" = rport=445 | protocol=6 | dir=out | app=system | "{B645F3C4-F28A-4A8D-AF15-3423F77E505A}" = lport=138 | protocol=17 | dir=in | app=system | "{B92551B1-E77A-49D0-BABD-110AE4BC25B4}" = rport=138 | protocol=17 | dir=out | app=system | "{B976DDF0-AFB7-413F-A7B3-CF90FA599A2D}" = rport=139 | protocol=6 | dir=out | app=system | "{E0CFF3BA-30F0-4A7B-9D15-8DB4F1F478EB}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009ED2A7-39CF-4D58-AF1A-D95B8A998842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{06885876-3DEE-45BA-80A0-FE6DA92A3773}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{0EBD0235-A6C6-4A3D-B9CD-475538D8BEDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe | "{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{1B1E6320-63E1-49B9-ADD5-356DD50AAD65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1BEABCCC-7AC2-47DE-8A51-EA2571C8A66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe | "{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{48306E55-68E2-414B-A9B6-567004DF7BB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe | "{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{9312A5FA-F014-400D-A118-F95D721912EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | 
app=c:\windows\system32\pnkbstrb.exe | "{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{BC12A978-F418-4218-80DC-9B64DFCD679D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{D7032544-596C-44EB-9A56-6A16C72304A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe | "{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe | "TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe 
| "TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe | "TCP Query User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe | "TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe | "TCP Query User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe | "UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe | "UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | 
app=d:\cod2\cod2mp_s.exe | "UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "UDP Query User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = 
protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe | "UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe | "UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "UDP Query User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5 "{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{531336A9-55EB-4367-8064-7180849D5676}" = calibre 
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU "{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1 "{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "avast" = avast! 
Free Antivirus "BitTorrent" = BitTorrent "BitTorrentBar Toolbar" = BitTorrentBar Toolbar "Catching Features Demo" = Catching Features Demo (remove only) "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości "GOM Player" = GOM Player "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "iLivid" = iLivid "InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Logo Design Studio2.1.31" = Logo Design Studio "LogoMaker_is1" = LogoMaker 3.0 "MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23) "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 12.00.1467" = Opera 12.00 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "PIT Format 2011_is1" = PIT Format 2011 "Postal 2" = Postal 2 "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "SearchCore for Browsers" = SearchCore for Browsers "SFT_Polska Toolbar" = SFT_Polska Toolbar "Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya "Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Test Drive Unlimited 2_is1" = Test Drive Unlimited 2 "UEFA EURO 2012_is1" = 
UEFA EURO 2012 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ExpressFiles" = ExpressFiles "FoxTab FLV Player" = FoxTab FLV Player "MyPaint" = MyPaint 0.9.1 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-05 09:23:47 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6000.16771, sygnatura czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x05ba6a80, identyfikator procesu 0x76c, godzina rozpoczęcia aplikacji 0x01cd5aa69f00223f. Error - 2012-07-05 09:45:21 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.6000.16771, sygnatura czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x047c6a80, identyfikator procesu 0xdb0, godzina rozpoczęcia aplikacji 0x01cd5ab16b03df2f. 
Error - 2012-07-08 06:02:36 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 06:26:08 | Computer Name = POPR-PC | Source = System Restore | ID = 8193 Description = Error - 2012-07-08 06:47:27 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 16:39:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-08 16:46:14 | Computer Name = POPR-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd IEFRAME.dll, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b7a38, kod wyjątku 0xc0000005, przesunięcie błędu 0x001cfd36, identyfikator procesu 0x614, godzina rozpoczęcia aplikacji 0x01cd5d4a9c251835. Error - 2012-07-09 15:16:20 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-09 15:24:08 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = Error - 2012-07-09 15:28:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 2011-08-09 02:01:27 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 01:17:56 na 2011-08-09 było nieoczekiwane. Error - 2011-08-09 02:01:28 | Computer Name = POPR-PC | Source = Dhcp | ID = 1002 Description = Serwer DHCP 192.168.2.1 odmówił dzierżawy adresu IP 192.168.2.100 dla karty sieciowej o adresie 001A4D5092C9. (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2011-08-09 10:30:08 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 14:52:09 na 2011-08-09 było nieoczekiwane. Error - 2011-08-11 19:32:18 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 01:30:41 na 2011-08-12 było nieoczekiwane. 
Error - 2011-08-21 07:41:44 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 13:39:41 na 2011-08-21 było nieoczekiwane. Error - 2011-08-21 10:27:53 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:25:40 na 2011-08-21 było nieoczekiwane. < End of report > [/log]
Unfortunately, so far there is no change regarding the virus. The money-extorting wallpaper that blocks everything is still displayed.
Guest commented 10 July 2012 (edited)
Run OTL and paste the following into the Custom Scans/Fixes box:
[code]
:OTL
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe ()
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807

:Files
C:\Users\POPR\AppData\Local\Microsoft\Windows\3506

:Commands
[emptytemp]
[/code]
Click [b]Run Fix[/b].
Also post the [b]ComboFix[/b] report, since it was used here.
kanalistakp commented 10 July 2012 (Author)
More logs, just in case:
[log] OTL logfile created on: 2012-07-10 21:43:35 - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,68% Memory free 4,23 Gb Paging File | 2,58 Gb Available in Paging File | 60,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 120,00 Gb Total Space | 25,86 Gb Free Space | 21,55% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 71,67 Gb Free Space | 42,14% Space Free | Partition Type: NTFS Drive E: | 7,98 Gb Total Space | 6,48 Gb Free Space | 81,17% Space Free | Partition Type: NTFS Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe PRC - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe PRC - [2012-05-16 20:19:25 | 006,380,400 | ---- | M] (BitTorrent, Inc.)
-- C:\Program Files\BitTorrent\BitTorrent.exe PRC - [2012-04-26 11:14:07 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2012-04-17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2012-03-11 16:10:32 | 000,453,240 | ---- | M] ([url="http://www.express-files.com/"]http://www.express-files.com/[/url]) -- C:\Program Files\ExpressFiles\ExpressFiles.exe PRC - [2012-03-11 16:10:32 | 000,172,664 | ---- | M] ([url="http://www.express-files.com/"]http://www.express-files.com/[/url]) -- C:\Program Files\ExpressFiles\EFupdater.exe PRC - [2012-03-02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe PRC - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe PRC - [2011-04-17 13:11:04 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe PRC - [2011-02-03 20:39:19 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2011-02-03 19:56:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-02-03 19:53:50 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2010-07-09 17:37:10 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2008-01-19 09:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe PRC - [2008-01-19 09:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 09:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe PRC - [2008-01-19 09:33:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2008-01-19 09:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2008-01-19 09:33:28 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2008-01-19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2008-01-19 09:33:22 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2008-01-19 09:33:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] 
MOD - [2012-07-10 18:46:56 | 000,042,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\pxstub.ppl MOD - [2012-07-10 18:46:34 | 002,138,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\basegui.ppl MOD - [2012-07-10 18:46:23 | 003,744,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpgui.ppl MOD - [2012-07-10 15:15:45 | 000,209,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblc.dll MOD - [2012-07-10 15:15:34 | 000,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kltbar.dll MOD - [2012-07-10 15:11:56 | 000,422,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpmain.dll MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe MOD - [2012-06-19 17:52:51 | 000,278,352 | ---- | M] (Valve Corporation) -- D:\Steam\crashhandler.dll MOD - [2012-06-19 17:52:49 | 006,765,392 | ---- | M] (Valve Corporation) -- D:\Steam\steamclient.dll MOD - [2012-06-19 17:52:49 | 000,237,904 | ---- | M] (Valve Corporation) -- D:\Steam\tier0_s.dll MOD - [2012-06-19 17:52:49 | 000,210,256 | ---- | M] (Valve Corporation) -- D:\Steam\vstdlib_s.dll MOD - [2012-06-19 17:52:49 | 000,122,864 | ---- | M] (Valve) -- D:\Steam\CSERHelper.dll MOD - [2012-06-19 17:52:47 | 001,741,136 | ---- | M] (Valve Corporation) -- d:\Steam\bin\ServerBrowser.dll MOD - [2012-06-19 17:52:47 | 000,669,008 | ---- | M] (Valve Corporation) -- D:\Steam\bin\vgui2_s.dll MOD - [2012-06-19 17:52:46 | 020,313,384 | ---- | M] () -- D:\Steam\bin\libcef.dll MOD - [2012-06-19 17:52:44 | 009,955,112 | ---- | M] (The ICU Project) -- D:\Steam\bin\icudt.dll MOD - [2012-06-19 17:52:44 | 002,328,400 | ---- | M] (Valve Corporation) -- d:\Steam\bin\friendsUI.dll MOD 
- [2012-06-19 17:52:44 | 000,895,312 | ---- | M] () -- D:\Steam\bin\chromehtml.dll MOD - [2012-06-19 17:52:44 | 000,168,272 | ---- | M] (Valve Corporation) -- D:\Steam\bin\FileSystem_Steam.dll MOD - [2012-06-19 17:52:43 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll MOD - [2012-06-19 17:52:43 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll MOD - [2012-06-19 17:52:42 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll MOD - [2012-06-19 17:52:39 | 002,975,056 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.dll MOD - [2012-06-19 17:52:14 | 001,039,192 | ---- | M] (Microsoft Corporation) -- D:\Steam\dbghelp.dll MOD - [2012-06-19 17:52:11 | 004,028,752 | ---- | M] (Valve Corporation) -- D:\Steam\SteamUI.dll MOD - [2012-05-16 20:19:25 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe MOD - [2012-04-26 11:14:07 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe MOD - [2012-04-17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe MOD - [2012-04-17 17:19:08 | 004,860,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll MOD - [2012-04-17 17:18:40 | 003,725,120 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\Engine.dll MOD - [2012-04-06 12:22:56 | 000,382,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Lite\imgengine.dll MOD - [2012-03-11 16:10:33 | 000,936,960 | ---- | M] (Terra Informatica Software, Inc., British Columbia, Canada.) 
-- C:\Program Files\ExpressFiles\htmlayout.dll MOD - [2012-03-11 16:10:32 | 000,453,240 | ---- | M] ([url="http://www.express-files.com/"]http://www.express-files.com/[/url]) -- C:\Program Files\ExpressFiles\ExpressFiles.exe MOD - [2012-03-11 16:10:32 | 000,172,664 | ---- | M] ([url="http://www.express-files.com/"]http://www.express-files.com/[/url]) -- C:\Program Files\ExpressFiles\EFupdater.exe MOD - [2012-03-02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe MOD - [2012-01-26 08:26:12 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2012-01-26 08:26:12 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2012-01-26 08:25:33 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll MOD - [2012-01-26 08:25:33 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll MOD - [2011-10-18 19:05:34 | 000,042,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll MOD - [2011-10-10 12:09:26 | 000,555,168 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll MOD - [2011-10-10 12:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) 
-- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll MOD - [2011-09-28 12:03:10 | 000,090,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll MOD - [2011-09-28 12:03:08 | 001,114,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\params.ppl MOD - [2011-09-28 12:03:08 | 000,180,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\shellex.dll MOD - [2011-09-28 12:03:08 | 000,147,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\scrchpg.dll MOD - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe MOD - [2011-04-24 23:14:30 | 000,041,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\thpimpl.ppl MOD - [2011-04-24 23:14:28 | 000,038,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\winreg.ppl MOD - [2011-04-24 23:14:06 | 000,115,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\nfio.ppl MOD - [2011-04-24 23:13:56 | 000,021,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\fsdrvplg.ppl MOD - [2011-04-24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011-04-24 23:13:28 | 000,274,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\service.dll MOD - [2011-04-24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011-04-24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011-04-24 23:13:26 | 
000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011-04-24 23:13:26 | 000,074,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\memmon.dll MOD - [2011-04-24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011-04-24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011-04-24 23:13:22 | 000,270,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll MOD - [2011-04-24 23:13:22 | 000,147,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll MOD - [2011-04-24 23:13:16 | 000,582,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\localization_manager.dll MOD - [2011-04-24 23:13:12 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll MOD - [2011-04-24 23:13:12 | 000,070,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbcl.dll MOD - [2011-04-24 23:13:10 | 000,030,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klscav.dll MOD - [2011-04-24 23:13:06 | 000,086,416 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll MOD - [2011-04-24 23:13:02 | 000,098,704 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\fssync.dll MOD - [2011-04-24 23:13:00 | 000,967,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\eka_meta.dll MOD - [2011-04-24 23:13:00 | 000,315,792 | ---- | M] (Kaspersky Lab ZAO) -- 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\esmgr.dll MOD - [2011-04-24 23:12:58 | 000,123,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\dumpwriter.dll MOD - [2011-04-24 23:12:56 | 000,019,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\clldr.dll MOD - [2011-04-24 23:12:54 | 000,012,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpinit.dll MOD - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe MOD - [2011-04-20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2011-04-17 13:11:04 | 006,163,104 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\Flash10p.ocx MOD - [2011-04-17 13:11:04 | 000,311,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.dll MOD - [2011-04-17 13:11:04 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe MOD - [2011-02-08 22:56:07 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Java\jre6\bin\msvcr71.dll MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2011-02-05 09:57:40 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2011-02-03 20:41:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2011-02-03 20:41:10 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll MOD - [2011-02-03 20:39:25 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll MOD - [2011-02-03 20:39:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-02-03 20:39:24 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll MOD - [2011-02-03 20:39:24 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll MOD - [2011-02-03 20:39:23 | 006,069,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2011-02-03 20:39:23 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll MOD - [2011-02-03 20:39:21 | 003,585,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll MOD - [2011-02-03 20:39:19 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe MOD - [2011-02-03 20:39:18 | 001,174,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2011-02-03 20:39:18 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-02-03 20:34:55 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2011-02-03 20:34:55 | 000,160,768 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\PortableDeviceTypes.dll MOD - [2011-02-03 20:29:28 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2011-02-03 20:28:26 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2011-02-03 20:17:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2011-02-03 20:08:27 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl MOD - [2011-02-03 20:05:49 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2011-02-03 20:03:55 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll MOD - [2011-02-03 20:01:22 | 011,580,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-02-03 19:56:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2011-02-03 19:53:50 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll MOD - [2011-02-03 19:53:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2011-02-03 19:51:02 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll MOD - [2011-02-03 19:50:58 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll MOD - [2011-02-03 19:47:56 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2011-02-03 19:46:32 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll MOD - [2011-02-03 19:44:58 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll MOD - [2011-02-03 19:40:33 | 000,888,832 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-02-03 19:38:54 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2011-02-03 18:56:44 | 000,541,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll MOD - [2011-02-03 18:56:44 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll MOD - [2011-02-03 18:55:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2011-02-03 18:54:29 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2011-01-30 17:45:14 | 000,062,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll MOD - [2011-01-30 17:45:12 | 000,064,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MOD - [2010-07-10 06:37:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll MOD - [2010-03-15 12:28:22 | 000,142,336 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009-02-26 18:07:12 | 000,060,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL MOD - [2008-01-19 09:38:14 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2008-01-19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008-01-19 09:38:02 | 000,155,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 09:37:11 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2008-01-19 09:37:11 | 000,015,360 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll MOD - [2008-01-19 09:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2008-01-19 09:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2008-01-19 09:37:10 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2008-01-19 09:37:10 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 09:37:09 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2008-01-19 09:37:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll MOD - [2008-01-19 09:36:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll MOD - [2008-01-19 09:36:57 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2008-01-19 09:36:56 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2008-01-19 09:36:55 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2008-01-19 09:36:55 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll MOD - [2008-01-19 09:36:55 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2008-01-19 09:36:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll MOD - [2008-01-19 09:36:52 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2008-01-19 09:36:52 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll MOD - [2008-01-19 09:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll MOD - [2008-01-19 09:36:49 | 
000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll MOD - [2008-01-19 09:36:49 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2008-01-19 09:36:49 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2008-01-19 09:36:48 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2008-01-19 09:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 09:36:47 | 000,765,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll MOD - [2008-01-19 09:36:47 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 09:36:47 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2008-01-19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2008-01-19 09:36:46 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2008-01-19 09:36:41 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll MOD - [2008-01-19 09:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008-01-19 09:36:39 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll MOD - [2008-01-19 09:36:38 | 002,204,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2008-01-19 09:36:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll MOD - [2008-01-19 09:36:38 | 000,075,776 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\synceng.dll MOD - [2008-01-19 09:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2008-01-19 09:36:36 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2008-01-19 09:36:35 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2008-01-19 09:36:34 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2008-01-19 09:36:30 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll MOD - [2008-01-19 09:36:29 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2008-01-19 09:36:25 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2008-01-19 09:36:24 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2008-01-19 09:36:24 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll MOD - [2008-01-19 09:36:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2008-01-19 09:36:17 | 000,456,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll MOD - [2008-01-19 09:36:17 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll MOD - [2008-01-19 09:36:15 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll MOD - [2008-01-19 09:36:15 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll MOD - [2008-01-19 09:36:14 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2008-01-19 09:36:12 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2008-01-19 09:36:11 | 000,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2008-01-19 09:36:11 | 000,208,384 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll MOD - [2008-01-19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2008-01-19 09:36:07 | 001,823,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2008-01-19 09:36:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2008-01-19 09:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2008-01-19 09:36:06 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll MOD - [2008-01-19 09:36:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll MOD - [2008-01-19 09:36:02 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2008-01-19 09:36:02 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll MOD - [2008-01-19 09:36:01 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2008-01-19 09:36:01 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2008-01-19 09:36:01 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2008-01-19 09:36:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll MOD - [2008-01-19 09:36:01 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2008-01-19 09:35:59 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2008-01-19 09:35:58 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2008-01-19 09:35:58 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 09:35:38 | 
000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2008-01-19 09:35:37 | 003,173,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - [2008-01-19 09:35:35 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll MOD - [2008-01-19 09:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2008-01-19 09:35:15 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2008-01-19 09:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2008-01-19 09:35:14 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll MOD - [2008-01-19 09:35:13 | 001,696,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll MOD - [2008-01-19 09:35:13 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008-01-19 09:35:13 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll MOD - [2008-01-19 09:35:13 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll MOD - [2008-01-19 09:35:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll MOD - [2008-01-19 09:35:11 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll MOD - [2008-01-19 09:35:10 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll MOD - [2008-01-19 09:35:10 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll MOD - [2008-01-19 09:34:59 | 000,476,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll MOD - [2008-01-19 09:34:55 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2008-01-19 09:34:55 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll MOD - [2008-01-19 
09:34:54 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2008-01-19 09:34:54 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll MOD - [2008-01-19 09:34:52 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2008-01-19 09:34:49 | 002,011,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll MOD - [2008-01-19 09:34:49 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2008-01-19 09:34:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2008-01-19 09:34:46 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll MOD - [2008-01-19 09:34:34 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2008-01-19 09:34:33 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2008-01-19 09:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2008-01-19 09:34:33 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll MOD - [2008-01-19 09:34:32 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2008-01-19 09:34:28 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\iebrshim.dll MOD - [2008-01-19 09:34:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll MOD - [2008-01-19 09:34:23 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2008-01-19 09:34:22 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL MOD - [2008-01-19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll MOD - [2008-01-19 09:34:21 | 000,146,944 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\fundisc.dll MOD - [2008-01-19 09:34:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll MOD - [2008-01-19 09:34:20 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2008-01-19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll MOD - [2008-01-19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll MOD - [2008-01-19 09:34:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2008-01-19 09:34:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2008-01-19 09:34:07 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2008-01-19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008-01-19 09:34:07 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll MOD - [2008-01-19 09:34:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2008-01-19 09:34:05 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2008-01-19 09:34:03 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll MOD - [2008-01-19 09:34:03 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2008-01-19 09:34:03 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2008-01-19 09:34:03 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll MOD - [2008-01-19 09:34:01 | 001,788,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll MOD - [2008-01-19 09:34:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll MOD - [2008-01-19 09:34:00 | 000,977,408 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2008-01-19 09:34:00 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll MOD - [2008-01-19 09:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2008-01-19 09:33:59 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll MOD - [2008-01-19 09:33:58 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 09:33:52 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2008-01-19 09:33:51 | 001,111,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll MOD - [2008-01-19 09:33:50 | 000,323,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll MOD - [2008-01-19 09:33:49 | 001,324,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2008-01-19 09:33:49 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2008-01-19 09:33:47 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2008-01-19 09:33:47 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2008-01-19 09:33:45 | 001,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll MOD - [2008-01-19 09:33:45 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll MOD - [2008-01-19 09:33:45 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll MOD - [2008-01-19 09:33:45 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2008-01-19 09:33:43 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2008-01-19 09:33:43 | 
000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008-01-19 09:33:41 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcRedir.dll MOD - [2008-01-19 09:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe MOD - [2008-01-19 09:33:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe MOD - [2008-01-19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe MOD - [2008-01-19 09:33:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-01-19 09:32:56 | 001,122,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl MOD - [2008-01-19 09:32:56 | 000,990,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2008-01-19 09:32:56 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2008-01-19 09:32:56 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2008-01-19 09:32:56 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv MOD - [2008-01-19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll MOD - [2008-01-19 09:26:33 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll MOD - [2006-11-02 14:35:10 | 000,056,320 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\radarrs.dll MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006-11-02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006-11-02 11:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shimeng.dll MOD - [2006-11-02 11:46:13 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll MOD - [2006-11-02 11:46:12 | 000,707,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\opengl32.dll MOD - [2006-11-02 11:46:12 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pautoenr.dll MOD - [2006-11-02 11:46:12 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll MOD - 
[2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006-11-02 11:46:05 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\glu32.dll MOD - [2006-11-02 11:46:05 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll MOD - [2006-11-02 11:46:04 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltLib.dll MOD - [2006-11-02 11:46:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddrawex.dll MOD - [2006-11-02 11:46:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File 
not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012-07-10 14:50:42 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex) DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt) DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Unknown] -- C:\Windows\System32\drivers\sym2k.sys -- (sym2k) DRV - [2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011-03-04 13:23:14 | 000,133,208 | 
---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source"]http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source[/url]?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
[url="http://www.gazeta.pl/0,0.html?p=128"]http://www.gazeta.pl/0,0.html?p=128[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source"]http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source[/url]?} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = [url="http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms"]http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms[/url]} IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={sear"]http://www.google.com/search?q={sear[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = [url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"]http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8[/url] IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "[url="http://www.gazeta.pl/0,0.html?p=128"]http://www.gazeta.pl/0,0.html?p=128[/url]" FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..extensions.enabledItems: [email="add-to-searchbox@maltekraus.de:2.0"]add-to-searchbox@maltekraus.de:2.0[/email] FF - prefs.js..extensions.enabledItems: [email="nosquint@urandom.ca:2.1"]nosquint@urandom.ca:2.1[/email] FF - prefs.js..extensions.enabledItems: [email="tabprogressbar@studio17.wordpress.com:0.6"]tabprogressbar@studio17.wordpress.com:0.6[/email] FF - prefs.js..extensions.enabledItems: [email="vinceturk@gmail.com:2.7.1.830"]vinceturk@gmail.com:2.7.1.830[/email] FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7 FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1 FF - 
prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1 FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6 FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: [email="wrc@avast.com:6.0.1289"]wrc@avast.com:6.0.1289[/email] FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: [email="ffxtlbr@babylon.com:1.1.9"]ffxtlbr@babylon.com:1.1.9[/email] FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10 FF - prefs.js..extensions.enabledItems: [email="plugin@yontoo.com:1.20.00"]plugin@yontoo.com:1.20.00[/email] FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dllt_Writer.print_unwriteable_margin_top", 0); File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-07-10 18:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-07-10 18:51:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-07-10 18:51:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M] [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions [2012-07-09 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80} [2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- 
C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137} [2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} [2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} [2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} [2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- 
C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de [2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca [2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com [2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com [2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION File not found (No name found) -- 
C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{4BE68A18-DEBA-49E0-9E09-EE7796F3B62A} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847} File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) =
C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Blokowanie baner\u00F3w = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Blokowanie baner\u00F3w = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lineage II Freya PL.lnk - - File not found MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestrowanie produktów Corela.lnk - - File not found MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]avast5[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Best Malware Protection[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: [b]DATAMNGR[/b] - hkey= - key= - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) MsConfig - StartUpReg: [b]EA Core[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ehTray.exe[/b] - 
hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]facemoods[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) MsConfig - StartUpReg: [b]PKTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ProfilerU[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) MsConfig - StartUpReg: [b]SaiMfd[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek) MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]Spol[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]WINKL[/b] - hkey= - key= - File not found MsConfig - State: "startup" - 1 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - 
Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-07-10 20:12:08 | 000,000,000 | ---D | C] -- C:\PerfLogs [2012-07-10 14:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Kaspersky Internet Security 2012 [2012-07-10 14:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012-07-10 14:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012-07-10 14:50:42 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012-07-09 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp [2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix [2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto [2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real [2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005 [2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11 [2012-06-22 20:37:08 | 
000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12 [2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports [2012-06-22 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports [2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre [2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-07-10 21:42:39 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT [2012-07-10 20:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-10 20:25:53 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-07-10 20:25:52 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-07-10 20:25:48 | 000,988,600 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-07-10 20:25:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-07-10 20:25:48 | 000,183,812 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-07-10 20:25:48 | 000,126,702 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-07-10 20:25:48 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-07-10 20:25:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-10 
20:25:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012-07-10 20:24:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-10 20:24:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-10 20:24:33 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2012-07-10 20:19:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-07-10 20:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-10 20:18:48 | 000,357,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-07-10 20:18:04 | 4213,950,873 | ---- | M] () -- C:\Windows\System32\ir3cache.dll [2012-07-10 19:39:15 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2012-07-10 19:39:06 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2012-07-10 14:56:48 | 000,017,408 | ---- | M] () -- C:\Users\POPR\AppData\Local\WebpageIcons.db [2012-07-10 14:54:40 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2012-07-10 14:54:40 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2012-07-10 14:50:42 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012-07-09 21:12:40 | 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe [2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | 
---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-10 20:25:29 | 000,000,949 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012-07-10 14:56:41 | 000,017,408 | ---- | C] () -- C:\Users\POPR\AppData\Local\WebpageIcons.db [2012-07-10 14:54:40 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012-07-10 14:54:40 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk [2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012-01-15 01:21:26 | 4213,950,873 | ---- | C] () -- C:\Windows\System32\ir3cache.dll [2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys [2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys [2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys [2012-01-15 01:19:54 | 000,000,032 | 
---- | C] () -- C:\Windows\System32\mswcom.dat.dll [2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe [2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll [2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll [2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys [2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll [2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat [2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- C:\Windows\System32\mswrnpore.dll [2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat [2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT [2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat [2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat [2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat [2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat [2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll [2011-02-24 23:08:08 | 000,039,095 
| ---- | C] () -- C:\Windows\iccsigs.dat [2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-02-06 22:19:15 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2011-02-06 22:18:52 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-02-06 22:18:49 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [color=#E56717]========== LOP Check ==========[/color] [2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer [2012-07-10 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent [2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre [2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite [2012-07-10 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles [2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10 [2011-03-07 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN [2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo [2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\gtk-2.0 [2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto [2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla [2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech [2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- 
C:\Users\POPR\AppData\Roaming\LogoMaker [2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera [2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin [2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape [2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files [2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer [2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM [2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys [2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client [2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue [2012-07-10 20:25:00 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012-07-10 20:14:20 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2012-07-09 21:24:40 | 000,054,122 | ---- | M] () -- C:\AdwCleaner[S1].txt [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009-12-09 19:33:06 | 000,000,197 | ---- | M] () -- C:\csb.log [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] 
() -- C:\eula.2052.txt [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-03-17 18:50:58 | 000,000,143 | ---- | M] () -- C:\KWINST.LOG [2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-21 20:20:49 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml [2012-07-10 20:17:42 | 2459,709,440 | -HS- | M] () -- C:\pagefile.sys [2009-12-09 19:33:06 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log [2012-03-11 16:10:45 | 000,000,310 | ---- | M] () -- C:\user.js [2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) 
MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807 < End of report > [/log] Extras: [log]OTL Extras logfile created on: 2012-07-10 21:43:35 - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,68% Memory free 4,23 Gb Paging File | 2,58 Gb Available in Paging File | 60,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 120,00 Gb Total Space | 25,86 Gb Free Space | 21,55% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 71,67 Gb Free Space | 42,14% Space Free | Partition Type: NTFS Drive E: | 7,98 Gb Total Space | 6,48 Gb Free Space | 81,17% Space Free | Partition Type: NTFS Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe | "{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | 
app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe | "{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe | "TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe | "TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe | "TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe | "TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe | "TCP Query User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query 
User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe | "TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe | "TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe | "TCP Query User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query 
User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe | "UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe | "UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe | "UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod2\cod2mp_s.exe | "UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe | "UDP Query User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query 
User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe | "UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe | "UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe | "UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe | "UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe | "UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe | "UDP Query User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe | "UDP Query 
User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5 "{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{531336A9-55EB-4367-8064-7180849D5676}" = calibre "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = 
Internet Explorer Toolbar 4.6 by SweetPacks "{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU "{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1 "{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "BitTorrent" = BitTorrent "BitTorrentBar Toolbar" = BitTorrentBar Toolbar "Catching Features Demo" = Catching Features Demo (remove only) "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "Gadu-Gadu 10" = Gadu-Gadu 10 "Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości "GOM Player" = GOM Player "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "iLivid" = iLivid "InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Logo Design Studio2.1.31" = Logo Design Studio "LogoMaker_is1" = LogoMaker 3.0 "MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23) "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) 
"NapiProjekt_is1" = NapiProjekt 1.0.6.9 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 12.00.1467" = Opera 12.00 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "PIT Format 2011_is1" = PIT Format 2011 "Postal 2" = Postal 2 "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "SearchCore for Browsers" = SearchCore for Browsers "SFT_Polska Toolbar" = SFT_Polska Toolbar "Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya "Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Test Drive Unlimited 2_is1" = Test Drive Unlimited 2 "UEFA EURO 2012_is1" = UEFA EURO 2012 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ExpressFiles" = ExpressFiles "FoxTab FLV Player" = FoxTab FLV Player "MyPaint" = MyPaint 0.9.1 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-10 15:04:18 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:04:25 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2012-07-10 15:04:26 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2012-07-10 15:04:29 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:04:29 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:04:38 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:04:39 | Computer Name = POPR-PC | Source = .NET Runtime Optimization 
Service | ID = 1101 Description = Error - 2012-07-10 15:04:58 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:05:44 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 2012-07-10 15:05:46 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ System Events ] Error - 2012-07-10 07:48:55 | Computer Name = POPR-PC | Source = DCOM | ID = 10005 Description = Error - 2012-07-10 10:22:04 | Computer Name = POPR-PC | Source = bowser | ID = 8003 Description = Error - 2012-07-10 13:09:56 | Computer Name = POPR-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 18:59:56 na 2012-07-10 było nieoczekiwane. Error - 2012-07-10 13:10:03 | Computer Name = POPR-PC | Source = Print | ID = 19 Description = Bufor wydruku nie może udostępnić drukarki Wysyłanie do programu OneNote 2007 z nazwą udostępnionego zasobu Wysyłanie do programu OneNote 2007. Błąd 2114. Inne osoby w sieci nie mogą korzystać z drukarki. Error - 2012-07-10 13:10:03 | Computer Name = POPR-PC | Source = Print | ID = 19 Description = Bufor wydruku nie może udostępnić drukarki HP Officejet J4500 Series z nazwą udostępnionego zasobu HP Officejet J4500 Series. Błąd 2114. Inne osoby w sieci nie mogą korzystać z drukarki. 
Error - 2012-07-10 14:19:00 | Computer Name = POPR-PC | Source = HTTP | ID = 15016 Description = Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7023 Description = Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7001 Description = Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7001 Description = Error - 2012-07-10 14:24:26 | Computer Name = POPR-PC | Source = Microsoft-Windows-Eventlog | ID = 30 Description = < End of report > [/log]
I posted the OTL logs because this is not my computer, and the person who uses it ran ComboFix blindly, as the saying goes, and I can't find the report. As for what you did for me, a big thank you. The virus has been removed and I can use the computer again. A beer for you! You've got brains!
Guest, comment posted 10 July 2012 (edited)
Just give me the path to the ComboFix installer. That tool does not deal with removing this infection. What I mean is uninstalling it properly. If [b]ComboFix.exe[/b] is not on the disk, download it again, put it where it was, and give me the path to the file.