New virus

kanalistakp

Hello :) A new virus has recently appeared on the net, known as 'Weelsof', or something like that ('the computer has been locked due to a violation of Polish law'). In any case, using ComboFix is recommended. I am very wary of that, because I have read (on this forum) that the program is a last resort. So I have posted a log from OTL, and my question is: will you help me remove it using OTL alone? :) I'll say up front that I am a complete beginner, and thank you for any help.

And here is the log:
[log]OTL logfile created on: 2012-07-08 23:05:41 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,82% Memory free
4,19 Gb Paging File | 3,69 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 21,56 Gb Free Space | 17,97% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
PRC - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-02-03 19:53:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011-02-03 19:46:35 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2006-11-02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2006-11-02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2006-11-02 11:45:21 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2006-11-02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
MOD - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
MOD - [2012-06-28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012-06-28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012-06-28 12:27:37 | 009,962,520 | ---- | M] (The ICU Project) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\icudt.dll
MOD - [2012-06-28 12:27:31 | 036,733,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\chrome.dll
MOD - [2012-06-28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012-06-28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012-06-28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012-06-28 10:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012-01-09 16:27:56 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
MOD - [2011-10-10 12:09:26 | 000,555,168 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll
MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2011-02-05 09:57:40 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2011-02-03 20:41:11 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2011-02-03 20:39:40 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-02-03 20:39:38 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2011-02-03 20:39:32 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-02-03 20:39:31 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-02-03 20:36:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
MOD - [2011-02-03 20:34:56 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2011-02-03 20:34:56 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2011-02-03 20:31:23 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll
MOD - [2011-02-03 20:31:23 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2011-02-03 20:29:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2011-02-03 20:17:21 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2011-02-03 20:08:27 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011-02-03 20:06:40 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
MOD - [2011-02-03 20:05:49 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2011-02-03 20:03:56 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll
MOD - [2011-02-03 20:01:23 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2011-02-03 19:53:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2011-02-03 19:53:52 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2011-02-03 19:51:44 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
MOD - [2011-02-03 19:51:40 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2011-02-03 19:48:25 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2011-02-03 19:48:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2011-02-03 19:47:59 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2011-02-03 19:46:35 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2011-02-03 19:40:35 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-02-03 19:39:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2011-02-03 19:38:55 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2011-02-03 19:37:40 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2011-02-03 19:37:40 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2011-02-03 19:37:39 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2011-02-03 19:31:29 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2011-02-03 18:55:18 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2011-02-03 18:54:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2011-02-03 18:54:30 | 000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2011-02-03 18:52:19 | 000,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2011-02-03 18:51:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2010-03-15 12:28:22 | 000,142,336 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006-11-02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 14:35:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2006-11-02 14:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2006-11-02 14:35:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2006-11-02 14:34:48 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2006-11-02 14:34:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll
MOD - [2006-11-02 14:34:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2006-11-02 14:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2006-11-02 14:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2006-11-02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2006-11-02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2006-11-02 11:46:16 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
MOD - [2006-11-02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2006-11-02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2006-11-02 11:46:14 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2006-11-02 11:46:14 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2006-11-02 11:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
MOD - [2006-11-02 11:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2006-11-02 11:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2006-11-02 11:46:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2006-11-02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2006-11-02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2006-11-02 11:46:13 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2006-11-02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2006-11-02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2006-11-02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2006-11-02 11:46:13 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2006-11-02 11:46:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2006-11-02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2006-11-02 11:46:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
MOD - [2006-11-02 11:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2006-11-02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2006-11-02 11:46:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2006-11-02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2006-11-02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2006-11-02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2006-11-02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2006-11-02 11:46:12 | 001,822,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2006-11-02 11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2006-11-02 11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2006-11-02 11:46:12 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2006-11-02 11:46:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2006-11-02 11:46:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2006-11-02 11:46:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2006-11-02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2006-11-02 11:46:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2006-11-02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2006-11-02 11:46:12 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2006-11-02 11:46:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2006-11-02 11:46:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2006-11-02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2006-11-02 11:46:11 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2006-11-02 11:46:11 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2006-11-02 11:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
MOD - [2006-11-02 11:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2006-11-02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2006-11-02 11:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2006-11-02 11:46:10 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2006-11-02 11:46:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2006-11-02 11:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2006-11-02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2006-11-02 11:46:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2006-11-02 11:46:05 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2006-11-02 11:46:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2006-11-02 11:46:05 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2006-11-02 11:46:05 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2006-11-02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2006-11-02 11:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2006-11-02 11:46:05 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2006-11-02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2006-11-02 11:46:04 | 000,445,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2006-11-02 11:46:04 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2006-11-02 11:46:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2006-11-02 11:46:04 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2006-11-02 11:46:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2006-11-02 11:46:03 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2006-11-02 11:46:03 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2006-11-02 11:46:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2006-11-02 11:46:03 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2006-11-02 11:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
MOD - [2006-11-02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2006-11-02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2006-11-02 11:46:02 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2006-11-02 11:46:02 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2006-11-02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2006-11-02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2006-11-02 11:46:02 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
MOD - [2006-11-02 11:46:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006-11-02 11:44:42 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2006-11-02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2006-11-02 11:44:42 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
MOD - [2006-11-02 11:38:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-02-03 20:21:46 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi)
DRV - File not found [Kernel | System | Stopped] -- -- (aswSP)
DRV - File not found [Kernel | System | Stopped] -- -- (aswRdr)
DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk)
DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex)
DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt)
DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sym2k.sys -- (sym2k)
DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=kno&s={searchTerms}&f=4
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=14976849000000000000001a4d5092c9
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031817
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "SFT_Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.1.830
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031817&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-15 11:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M]

[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions
[2012-06-22 23:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}
[2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}
[2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011-04-09 19:59:33 | 000,000,000 | ---D | M] (Billeo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}
[2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2011-10-22 21:28:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}
[2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
[2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011-08-26 22:55:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012-05-25 20:44:00 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de
[2011-04-17 07:16:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\engine@conduit.com
[2011-11-08 08:44:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\ffxtlbr@babylon.com
[2011-08-27 14:06:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\ffxtlbr@Facemoods.com
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca
[2012-05-25 20:44:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\plugin@yontoo.com
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com
[2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com
[2011-08-04 10:31:04 | 000,000,923 | ---- | M] () -- C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\conduit.xml
[2011-10-22 21:28:50 | 000,002,520 | ---- | M] () -- C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\SearchResults.xml
[2012-05-27 12:28:19 | 000,004,113 | ---- | M] () -- C:\Users\POPR\AppData\Roaming\Mozilla\Firefox\Profiles\jyjkpelx.default\searchplugins\sweetim.xml
[2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-15 11:58:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-03-11 16:10:39 | 000,002,298 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-08-27 16:00:09 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-10-22 21:28:50 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SFT_Polska Toolbar) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_Polska Toolbar) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lineage II Freya PL.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestrowanie produktów Corela.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig - StartUpReg: [b]avast5[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Best Malware Protection[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]DATAMNGR[/b] - hkey= - key= - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
MsConfig - StartUpReg: [b]EA Core[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ehTray.exe[/b] - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]facemoods[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: [b]PKTray[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ProfilerU[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig - StartUpReg: [b]SaiMfd[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Spol[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]WINKL[/b] - hkey= - key= - File not found
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp
[2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-07-08 12:25:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real
[2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005
[2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11
[2012-06-22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12
[2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
[2012-06-22 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-05-25 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012-05-25 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012-05-25 20:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012-05-25 20:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre
[2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-07-08 23:04:10 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT
[2012-07-08 23:02:38 | 000,801,306 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-07-08 23:02:38 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-07-08 23:02:38 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-07-08 23:02:38 | 000,085,832 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-07-08 23:02:38 | 000,012,232 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 22:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-08 19:26:26 | 4161,796,060 | ---- | M] () -- C:\Windows\System32\ir3cache.dll
[2012-07-08 19:25:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-07-08 19:25:05 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012-07-08 19:24:10 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-08 19:24:10 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-08 19:24:07 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-08 12:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-08 12:01:12 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-07-08 12:01:11 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-07-06 16:06:01 | 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk
[2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-01-15 01:21:26 | 4161,796,060 | ---- | C] () -- C:\Windows\System32\ir3cache.dll
[2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys
[2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys
[2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys
[2012-01-15 01:19:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\mswcom.dat.dll
[2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe
[2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll
[2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll
[2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys
[2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll
[2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- C:\Windows\System32\mswrnpore.dll
[2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat
[2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2011-02-24 23:08:08 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-11-08 08:44:41 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Babylon
[2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer
[2012-07-08 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent
[2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre
[2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite
[2012-07-08 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles
[2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10
[2011-03-07 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN
[2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo
[2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\gtk-2.0
[2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla
[2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech
[2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\LogoMaker
[2011-02-20 18:20:12 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\OpenCandy
[2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera
[2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin
[2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape
[2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer
[2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys
[2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client
[2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue
[2012-07-08 19:25:05 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012-07-08 19:25:35 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009-12-09 19:33:06 | 000,000,197 | ---- | M] () -- C:\csb.log
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-17 18:50:58 | 000,000,143 | ---- | M] () -- C:\KWINST.LOG
[2010-11-04 19:30:38 | 000,173,568 | RHS- | M] () -- C:\l10.exe
[2010-04-17 20:08:36 | 000,127,488 | RHS- | M] () -- C:\lhhr8.exe
[2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-21 20:20:49 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2010-03-14 19:29:24 | 000,116,736 | RHS- | M] () -- C:\nhx.exe
[2012-07-08 22:39:29 | 2459,828,224 | -HS- | M] () -- C:\pagefile.sys
[2009-12-09 19:33:06 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log
[2012-03-11 16:10:45 | 000,000,310 | ---- | M] () -- C:\user.js
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010-10-17 19:25:15 | 000,175,104 | RHS- | M] () -- C:\wq.exe
[2010-03-16 18:01:00 | 000,119,808 | RHS- | M] () -- C:\y6cqb2is.exe

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\System32\drivers\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807

< End of report >

[/log]

Extras:
[log]OTL Extras logfile created on: 2012-07-08 23:05:41 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,82% Memory free
4,19 Gb Paging File | 3,69 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 21,56 Gb Free Space | 17,97% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151C44B5-B7E0-4CB8-9CF2-36057B878D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1ABCAAFA-A530-49A4-9CB9-39CBD3F73D92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45290CE1-6D2F-49D1-9EF4-26721A5F9C90}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DDAC2ED-FA3B-4188-8287-623E84296F38}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{84C3631D-34F2-4BEE-9CF0-EA1D54182822}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91FEE5AB-8BBD-40F9-8B7D-F927CE6EF13F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9246EB36-1B4C-4CEF-B852-BCBBDF228209}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{94ABC80D-D5B7-4CDE-B800-2E61DC9C5FD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA217ECC-E363-4FC0-9884-3D2B7FC7C81B}" = rport=137 | protocol=17 | dir=out | app=system |
"{AC95357E-D414-46AA-AB4D-EA7486719138}" = rport=445 | protocol=6 | dir=out | app=system |
"{B645F3C4-F28A-4A8D-AF15-3423F77E505A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B92551B1-E77A-49D0-BABD-110AE4BC25B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{B976DDF0-AFB7-413F-A7B3-CF90FA599A2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0CFF3BA-30F0-4A7B-9D15-8DB4F1F478EB}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009ED2A7-39CF-4D58-AF1A-D95B8A998842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{06885876-3DEE-45BA-80A0-FE6DA92A3773}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0EBD0235-A6C6-4A3D-B9CD-475538D8BEDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1B1E6320-63E1-49B9-ADD5-356DD50AAD65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BEABCCC-7AC2-47DE-8A51-EA2571C8A66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48306E55-68E2-414B-A9B6-567004DF7BB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9312A5FA-F014-400D-A118-F95D721912EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{BC12A978-F418-4218-80DC-9B64DFCD679D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D7032544-596C-44EB-9A56-6A16C72304A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe |
"TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe |
"TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe |
"TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe |
"TCP Query User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe |
"TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe |
"TCP Query User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe |
"UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe |
"UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod2\cod2mp_s.exe |
"UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"UDP Query User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe |
"UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe |
"UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"UDP Query User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5
"{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531336A9-55EB-4367-8064-7180849D5676}" = calibre
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Catching Features Demo" = Catching Features Demo (remove only)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"facemoods" = Facemoods Toolbar
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Gadu-Gadu 10" = Gadu-Gadu 10
"Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Logo Design Studio2.1.31" = Logo Design Studio
"LogoMaker_is1" = LogoMaker 3.0
"MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PIT Format 2011_is1" = PIT Format 2011
"Postal 2" = Postal 2
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SFT_Polska Toolbar" = SFT_Polska Toolbar
"Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya
"Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"UEFA EURO 2012_is1" = UEFA EURO 2012
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"FoxTab FLV Player" = FoxTab FLV Player
"MyPaint" = MyPaint 0.9.1

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-03 05:36:15 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2012-07-03 06:31:03 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mm.exe, wersja 2.2.0.2, sygnatura czasowa
0x00000000, moduł powodujący błąd kernel32.dll, wersja 6.0.6000.16820, sygnatura
czasowa 0x49952034, kod wyjątku 0xc0000005, przesunięcie błędu 0x0004fcac, identyfikator
procesu 0x1790, godzina rozpoczęcia aplikacji 0x01cd5906e5c51f94.

Error - 2012-07-04 14:19:59 | Computer Name = POPR-PC | Source = Application Hang | ID = 1002
Description = Program opera.exe w wersji 12.0.1467.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: ce8 Godzina rozpoczęcia: 01cd5a0bf547b7a2
Godzina
zakończenia: 85

Error - 2012-07-05 09:23:47 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6000.16771, sygnatura
czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x05ba6a80, identyfikator
procesu 0x76c, godzina rozpoczęcia aplikacji 0x01cd5aa69f00223f.

Error - 2012-07-05 09:45:21 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.6000.16771, sygnatura
czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x047c6a80, identyfikator
procesu 0xdb0, godzina rozpoczęcia aplikacji 0x01cd5ab16b03df2f.

Error - 2012-07-08 06:02:36 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 06:26:08 | Computer Name = POPR-PC | Source = System Restore | ID = 8193
Description =

Error - 2012-07-08 06:47:27 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 16:39:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 16:46:14 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura
czasowa 0x4b2b56f5, moduł powodujący błąd IEFRAME.dll, wersja 7.0.6000.16982, sygnatura
czasowa 0x4b2b7a38, kod wyjątku 0xc0000005, przesunięcie błędu 0x001cfd36, identyfikator
procesu 0x614, godzina rozpoczęcia aplikacji 0x01cd5d4a9c251835.

[ System Events ]
Error - 2011-08-09 02:01:27 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 01:17:56 na 2011-08-09 było nieoczekiwane.

Error - 2011-08-09 02:01:28 | Computer Name = POPR-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.2.1 odmówił dzierżawy adresu IP 192.168.2.100
dla karty sieciowej o adresie 001A4D5092C9. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-09 10:30:08 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 14:52:09 na 2011-08-09 było nieoczekiwane.

Error - 2011-08-11 19:32:18 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 01:30:41 na 2011-08-12 było nieoczekiwane.

Error - 2011-08-21 07:41:44 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 13:39:41 na 2011-08-21 było nieoczekiwane.

Error - 2011-08-21 10:27:53 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 16:25:40 na 2011-08-21 było nieoczekiwane.


< End of report >

[/log]

Guest
comment

Run OTL and paste the following into the [b]Własne opcje skanowania/skrypt[/b] (Custom Scans/Fixes) box:



[code]:Files
C:\l10.exe
C:\lhhr8.exe
C:\nhx.exe
C:\wq.exe
C:\y6cqb2is.exe
C:\Windows\SWREG.exe

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....E-001A4D5092C9}
IE - HKLM\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files\SFT_Polska\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3031817&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
:Commands
[emptyflash]
[emptytemp][/code]



Click [b]Wykonaj skrypt[/b] (Run Fix).

Download AdwCleaner and use the [b]Delete[/b] option:
http://general-changelog-team.fr/outils/289-adwcleaner

After the removal, run a new OTL scan and post the report.

kanalistakp
comment (edited)

Here are the next logs:
OTL: [log]OTL logfile created on: 2012-07-09 21:30:36 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,22% Memory free
4,19 Gb Paging File | 3,82 Gb Available in Paging File | 91,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 22,73 Gb Free Space | 18,94% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
PRC - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-02-03 19:53:53 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011-02-03 19:46:35 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2006-11-02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2006-11-02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2006-11-02 11:45:21 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2006-11-02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-07-09 21:29:17 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
MOD - [2012-06-28 12:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
MOD - [2012-06-28 12:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012-06-28 12:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012-06-28 12:27:37 | 009,962,520 | ---- | M] (The ICU Project) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\icudt.dll
MOD - [2012-06-28 12:27:31 | 036,733,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\chrome.dll
MOD - [2012-06-28 12:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012-06-28 12:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012-06-28 12:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2011-02-05 09:57:40 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2011-02-03 20:41:11 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2011-02-03 20:39:40 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-02-03 20:39:38 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2011-02-03 20:39:32 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-02-03 20:39:31 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-02-03 20:36:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
MOD - [2011-02-03 20:34:56 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2011-02-03 20:34:56 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2011-02-03 20:31:23 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll
MOD - [2011-02-03 20:31:23 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2011-02-03 20:29:32 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2011-02-03 20:28:28 | 001,260,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2011-02-03 20:17:21 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2011-02-03 20:08:27 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011-02-03 20:06:40 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
MOD - [2011-02-03 20:05:49 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2011-02-03 20:03:56 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll
MOD - [2011-02-03 20:01:23 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-02-03 19:56:11 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2011-02-03 19:53:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2011-02-03 19:51:44 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
MOD - [2011-02-03 19:51:40 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2011-02-03 19:48:25 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2011-02-03 19:48:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2011-02-03 19:47:59 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2011-02-03 19:46:35 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2011-02-03 19:40:35 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-02-03 19:39:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2011-02-03 19:38:55 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2011-02-03 19:37:40 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2011-02-03 19:37:40 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2011-02-03 19:37:39 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2011-02-03 19:31:29 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2011-02-03 18:55:18 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2011-02-03 18:54:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2011-02-03 18:54:30 | 000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2011-02-03 18:52:19 | 000,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2011-02-03 18:51:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2006-11-02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 14:35:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2006-11-02 14:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2006-11-02 14:35:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2006-11-02 14:34:48 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2006-11-02 14:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2006-11-02 14:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2006-11-02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2006-11-02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2006-11-02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2006-11-02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2006-11-02 11:46:14 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2006-11-02 11:46:14 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2006-11-02 11:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
MOD - [2006-11-02 11:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2006-11-02 11:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2006-11-02 11:46:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2006-11-02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2006-11-02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2006-11-02 11:46:13 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2006-11-02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2006-11-02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2006-11-02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2006-11-02 11:46:13 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2006-11-02 11:46:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2006-11-02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2006-11-02 11:46:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
MOD - [2006-11-02 11:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2006-11-02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2006-11-02 11:46:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2006-11-02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2006-11-02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2006-11-02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2006-11-02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2006-11-02 11:46:12 | 001,822,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2006-11-02 11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2006-11-02 11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2006-11-02 11:46:12 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2006-11-02 11:46:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2006-11-02 11:46:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2006-11-02 11:46:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2006-11-02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2006-11-02 11:46:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2006-11-02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2006-11-02 11:46:12 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2006-11-02 11:46:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2006-11-02 11:46:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2006-11-02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2006-11-02 11:46:11 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2006-11-02 11:46:11 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2006-11-02 11:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
MOD - [2006-11-02 11:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2006-11-02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2006-11-02 11:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2006-11-02 11:46:10 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2006-11-02 11:46:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2006-11-02 11:46:07 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2006-11-02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2006-11-02 11:46:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2006-11-02 11:46:05 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2006-11-02 11:46:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2006-11-02 11:46:05 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2006-11-02 11:46:05 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2006-11-02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2006-11-02 11:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2006-11-02 11:46:05 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2006-11-02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2006-11-02 11:46:04 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2006-11-02 11:46:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2006-11-02 11:46:04 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
MOD - [2006-11-02 11:46:04 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2006-11-02 11:46:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2006-11-02 11:46:03 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2006-11-02 11:46:03 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2006-11-02 11:46:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2006-11-02 11:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
MOD - [2006-11-02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2006-11-02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2006-11-02 11:46:02 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2006-11-02 11:46:02 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2006-11-02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2006-11-02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2006-11-02 11:46:02 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
MOD - [2006-11-02 11:46:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006-11-02 11:44:42 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2006-11-02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2006-11-02 11:44:42 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-02-03 20:21:46 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi)
DRV - File not found [Kernel | System | Stopped] -- -- (aswSP)
DRV - File not found [Kernel | System | Stopped] -- -- (aswRdr)
DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk)
DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex)
DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt)
DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sym2k.sys -- (sym2k)
DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.1.830
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dllt_Writer.print_unwriteable_margin_top", 0); File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-15 11:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M]

[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions
[2012-07-09 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}
[2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}
[2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}
[2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}
[2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
[2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com
[2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com
[2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-15 11:58:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{4BE68A18-DEBA-49E0-9E09-EE7796F3B62A}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: avast! WebRep = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-07-09 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-08 23:21:55 | 160,919,016 | ---- | C] (Kaspersky Lab) -- C:\Users\POPR\Desktop\kis12.0.0.374pl_pl.exe
[2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp
[2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real
[2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005
[2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11
[2012-06-22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12
[2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
[2012-06-22 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre
[2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-07-09 21:28:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-09 21:27:15 | 4161,843,110 | ---- | M] () -- C:\Windows\System32\ir3cache.dll
[2012-07-09 21:27:06 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT
[2012-07-09 21:27:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-07-09 21:26:44 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012-07-09 21:26:12 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-07-09 21:26:11 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-07-09 21:26:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-09 21:26:00 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-09 21:26:00 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-09 21:18:49 | 000,618,655 | ---- | M] () -- C:\Users\POPR\Desktop\adwcleaner.exe
[2012-07-09 21:12:40 | 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2012-07-08 23:30:15 | 160,919,016 | ---- | M] (Kaspersky Lab) -- C:\Users\POPR\Desktop\kis12.0.0.374pl_pl.exe
[2012-07-08 23:02:38 | 000,801,306 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-07-08 23:02:38 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-07-08 23:02:38 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-07-08 23:02:38 | 000,085,832 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-07-08 23:02:38 | 000,012,232 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 12:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-09 21:18:46 | 000,618,655 | ---- | C] () -- C:\Users\POPR\Desktop\adwcleaner.exe
[2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk
[2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-01-15 01:21:26 | 4161,843,110 | ---- | C] () -- C:\Windows\System32\ir3cache.dll
[2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys
[2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys
[2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys
[2012-01-15 01:19:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\mswcom.dat.dll
[2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe
[2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll
[2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll
[2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys
[2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll
[2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- C:\Windows\System32\mswrnpore.dll
[2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat
[2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2011-02-24 23:08:08 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer
[2012-07-09 21:26:44 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent
[2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre
[2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite
[2012-07-09 21:12:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles
[2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10
[2011-03-07 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN
[2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo
[2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\gtk-2.0
[2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla
[2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech
[2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\LogoMaker
[2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera
[2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin
[2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape
[2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer
[2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys
[2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client
[2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue
[2012-07-09 21:26:44 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012-07-09 21:27:07 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807

< End of report >

[/log]
Extras: [log]OTL Extras logfile created on: 2012-07-09 21:30:36 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,22% Memory free
4,19 Gb Paging File | 3,82 Gb Available in Paging File | 91,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 22,73 Gb Free Space | 18,94% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,61 Gb Free Space | 42,10% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151C44B5-B7E0-4CB8-9CF2-36057B878D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1ABCAAFA-A530-49A4-9CB9-39CBD3F73D92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45290CE1-6D2F-49D1-9EF4-26721A5F9C90}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DDAC2ED-FA3B-4188-8287-623E84296F38}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{84C3631D-34F2-4BEE-9CF0-EA1D54182822}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91FEE5AB-8BBD-40F9-8B7D-F927CE6EF13F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9246EB36-1B4C-4CEF-B852-BCBBDF228209}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{94ABC80D-D5B7-4CDE-B800-2E61DC9C5FD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA217ECC-E363-4FC0-9884-3D2B7FC7C81B}" = rport=137 | protocol=17 | dir=out | app=system |
"{AC95357E-D414-46AA-AB4D-EA7486719138}" = rport=445 | protocol=6 | dir=out | app=system |
"{B645F3C4-F28A-4A8D-AF15-3423F77E505A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B92551B1-E77A-49D0-BABD-110AE4BC25B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{B976DDF0-AFB7-413F-A7B3-CF90FA599A2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0CFF3BA-30F0-4A7B-9D15-8DB4F1F478EB}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009ED2A7-39CF-4D58-AF1A-D95B8A998842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{06885876-3DEE-45BA-80A0-FE6DA92A3773}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0EBD0235-A6C6-4A3D-B9CD-475538D8BEDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1B1E6320-63E1-49B9-ADD5-356DD50AAD65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BEABCCC-7AC2-47DE-8A51-EA2571C8A66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48306E55-68E2-414B-A9B6-567004DF7BB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9312A5FA-F014-400D-A118-F95D721912EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{BC12A978-F418-4218-80DC-9B64DFCD679D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D7032544-596C-44EB-9A56-6A16C72304A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe |
"TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe |
"TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe |
"TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe |
"TCP Query User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe |
"TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe |
"TCP Query User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe |
"UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe |
"UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod2\cod2mp_s.exe |
"UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"UDP Query User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe |
"UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe |
"UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"UDP Query User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5
"{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531336A9-55EB-4367-8064-7180849D5676}" = calibre
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Catching Features Demo" = Catching Features Demo (remove only)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Gadu-Gadu 10" = Gadu-Gadu 10
"Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Logo Design Studio2.1.31" = Logo Design Studio
"LogoMaker_is1" = LogoMaker 3.0
"MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PIT Format 2011_is1" = PIT Format 2011
"Postal 2" = Postal 2
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"SearchCore for Browsers" = SearchCore for Browsers
"SFT_Polska Toolbar" = SFT_Polska Toolbar
"Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya
"Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"UEFA EURO 2012_is1" = UEFA EURO 2012
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"FoxTab FLV Player" = FoxTab FLV Player
"MyPaint" = MyPaint 0.9.1

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-05 09:23:47 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6000.16771, sygnatura
czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x05ba6a80, identyfikator
procesu 0x76c, godzina rozpoczęcia aplikacji 0x01cd5aa69f00223f.

Error - 2012-07-05 09:45:21 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.6000.16771, sygnatura
czasowa 0x4907deda, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x047c6a80, identyfikator
procesu 0xdb0, godzina rozpoczęcia aplikacji 0x01cd5ab16b03df2f.

Error - 2012-07-08 06:02:36 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 06:26:08 | Computer Name = POPR-PC | Source = System Restore | ID = 8193
Description =

Error - 2012-07-08 06:47:27 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 16:39:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-08 16:46:14 | Computer Name = POPR-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura
czasowa 0x4b2b56f5, moduł powodujący błąd IEFRAME.dll, wersja 7.0.6000.16982, sygnatura
czasowa 0x4b2b7a38, kod wyjątku 0xc0000005, przesunięcie błędu 0x001cfd36, identyfikator
procesu 0x614, godzina rozpoczęcia aplikacji 0x01cd5d4a9c251835.

Error - 2012-07-09 15:16:20 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-09 15:24:08 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

Error - 2012-07-09 15:28:57 | Computer Name = POPR-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 2011-08-09 02:01:27 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 01:17:56 na 2011-08-09 było nieoczekiwane.

Error - 2011-08-09 02:01:28 | Computer Name = POPR-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.2.1 odmówił dzierżawy adresu IP 192.168.2.100
dla karty sieciowej o adresie 001A4D5092C9. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-09 10:30:08 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 14:52:09 na 2011-08-09 było nieoczekiwane.

Error - 2011-08-11 19:32:18 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 01:30:41 na 2011-08-12 było nieoczekiwane.

Error - 2011-08-21 07:41:44 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 13:39:41 na 2011-08-21 było nieoczekiwane.

Error - 2011-08-21 10:27:53 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 16:25:40 na 2011-08-21 było nieoczekiwane.


< End of report >

[/log]

Unfortunately, so far there is no change as far as the virus goes. The money-extorting wallpaper that blocks everything is still showing.

Guest
comment (edited)

Run OTL and paste the following into the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) box:

[code]:OTL
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
O2 - BHO: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Wwanpref] C:\Users\POPR\AppData\Local\Microsoft\Windows\3506\Wwanpref.exe ()
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807

:Files
C:\Users\POPR\AppData\Local\Microsoft\Windows\3506

:Commands
[emptytemp][/code]


Click [b]Wykonaj skrypt[/b] (Run Fix).


Also post the [b]ComboFix[/b] report, since it was used here.

kanalistakp
comment

More logs, just in case:
[log]
OTL logfile created on: 2012-07-10 21:43:35 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,68% Memory free
4,23 Gb Paging File | 2,58 Gb Available in Paging File | 60,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 25,86 Gb Free Space | 21,55% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,67 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,48 Gb Free Space | 81,17% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
PRC - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012-05-16 20:19:25 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012-04-26 11:14:07 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012-04-17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012-03-11 16:10:32 | 000,453,240 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\ExpressFiles.exe
PRC - [2012-03-11 16:10:32 | 000,172,664 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\EFupdater.exe
PRC - [2012-03-02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011-04-17 13:11:04 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011-02-03 20:39:19 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2011-02-03 19:56:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-02-03 19:53:50 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2010-07-09 17:37:10 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008-01-19 09:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2008-01-19 09:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 09:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe
PRC - [2008-01-19 09:33:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2008-01-19 09:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008-01-19 09:33:28 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2008-01-19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008-01-19 09:33:22 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008-01-19 09:33:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2012-07-10 18:46:56 | 000,042,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\pxstub.ppl
MOD - [2012-07-10 18:46:34 | 002,138,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\basegui.ppl
MOD - [2012-07-10 18:46:23 | 003,744,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpgui.ppl
MOD - [2012-07-10 15:15:45 | 000,209,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblc.dll
MOD - [2012-07-10 15:15:34 | 000,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kltbar.dll
MOD - [2012-07-10 15:11:56 | 000,422,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpmain.dll
MOD - [2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
MOD - [2012-06-19 17:52:51 | 000,278,352 | ---- | M] (Valve Corporation) -- D:\Steam\crashhandler.dll
MOD - [2012-06-19 17:52:49 | 006,765,392 | ---- | M] (Valve Corporation) -- D:\Steam\steamclient.dll
MOD - [2012-06-19 17:52:49 | 000,237,904 | ---- | M] (Valve Corporation) -- D:\Steam\tier0_s.dll
MOD - [2012-06-19 17:52:49 | 000,210,256 | ---- | M] (Valve Corporation) -- D:\Steam\vstdlib_s.dll
MOD - [2012-06-19 17:52:49 | 000,122,864 | ---- | M] (Valve) -- D:\Steam\CSERHelper.dll
MOD - [2012-06-19 17:52:47 | 001,741,136 | ---- | M] (Valve Corporation) -- d:\Steam\bin\ServerBrowser.dll
MOD - [2012-06-19 17:52:47 | 000,669,008 | ---- | M] (Valve Corporation) -- D:\Steam\bin\vgui2_s.dll
MOD - [2012-06-19 17:52:46 | 020,313,384 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012-06-19 17:52:44 | 009,955,112 | ---- | M] (The ICU Project) -- D:\Steam\bin\icudt.dll
MOD - [2012-06-19 17:52:44 | 002,328,400 | ---- | M] (Valve Corporation) -- d:\Steam\bin\friendsUI.dll
MOD - [2012-06-19 17:52:44 | 000,895,312 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012-06-19 17:52:44 | 000,168,272 | ---- | M] (Valve Corporation) -- D:\Steam\bin\FileSystem_Steam.dll
MOD - [2012-06-19 17:52:43 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012-06-19 17:52:43 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012-06-19 17:52:42 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012-06-19 17:52:39 | 002,975,056 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.dll
MOD - [2012-06-19 17:52:14 | 001,039,192 | ---- | M] (Microsoft Corporation) -- D:\Steam\dbghelp.dll
MOD - [2012-06-19 17:52:11 | 004,028,752 | ---- | M] (Valve Corporation) -- D:\Steam\SteamUI.dll
MOD - [2012-05-16 20:19:25 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
MOD - [2012-04-26 11:14:07 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
MOD - [2012-04-17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
MOD - [2012-04-17 17:19:08 | 004,860,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
MOD - [2012-04-17 17:18:40 | 003,725,120 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\Engine.dll
MOD - [2012-04-06 12:22:56 | 000,382,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Lite\imgengine.dll
MOD - [2012-03-11 16:10:33 | 000,936,960 | ---- | M] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\Program Files\ExpressFiles\htmlayout.dll
MOD - [2012-03-11 16:10:32 | 000,453,240 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\ExpressFiles.exe
MOD - [2012-03-11 16:10:32 | 000,172,664 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\EFupdater.exe
MOD - [2012-03-02 14:41:20 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
MOD - [2012-01-26 08:26:12 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2012-01-26 08:26:12 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2012-01-26 08:25:33 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2012-01-26 08:25:33 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011-10-18 19:05:34 | 000,042,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
MOD - [2011-10-10 12:09:26 | 000,555,168 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeBrowserOptions.dll
MOD - [2011-10-10 12:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
MOD - [2011-10-10 12:09:04 | 004,186,784 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
MOD - [2011-09-28 12:03:10 | 000,090,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
MOD - [2011-09-28 12:03:08 | 001,114,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\params.ppl
MOD - [2011-09-28 12:03:08 | 000,180,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\shellex.dll
MOD - [2011-09-28 12:03:08 | 000,147,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\scrchpg.dll
MOD - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
MOD - [2011-04-24 23:14:30 | 000,041,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\thpimpl.ppl
MOD - [2011-04-24 23:14:28 | 000,038,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\winreg.ppl
MOD - [2011-04-24 23:14:06 | 000,115,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\nfio.ppl
MOD - [2011-04-24 23:13:56 | 000,021,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\fsdrvplg.ppl
MOD - [2011-04-24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011-04-24 23:13:28 | 000,274,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\service.dll
MOD - [2011-04-24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011-04-24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011-04-24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011-04-24 23:13:26 | 000,074,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\memmon.dll
MOD - [2011-04-24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011-04-24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011-04-24 23:13:22 | 000,270,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll
MOD - [2011-04-24 23:13:22 | 000,147,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll
MOD - [2011-04-24 23:13:16 | 000,582,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\localization_manager.dll
MOD - [2011-04-24 23:13:12 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
MOD - [2011-04-24 23:13:12 | 000,070,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbcl.dll
MOD - [2011-04-24 23:13:10 | 000,030,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klscav.dll
MOD - [2011-04-24 23:13:06 | 000,086,416 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
MOD - [2011-04-24 23:13:02 | 000,098,704 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\fssync.dll
MOD - [2011-04-24 23:13:00 | 000,967,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\eka_meta.dll
MOD - [2011-04-24 23:13:00 | 000,315,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\esmgr.dll
MOD - [2011-04-24 23:12:58 | 000,123,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\dumpwriter.dll
MOD - [2011-04-24 23:12:56 | 000,019,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\clldr.dll
MOD - [2011-04-24 23:12:54 | 000,012,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avpinit.dll
MOD - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
MOD - [2011-04-20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011-04-17 13:11:04 | 006,163,104 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\Flash10p.ocx
MOD - [2011-04-17 13:11:04 | 000,311,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.dll
MOD - [2011-04-17 13:11:04 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
MOD - [2011-02-08 22:56:07 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Java\jre6\bin\msvcr71.dll
MOD - [2011-02-05 09:58:44 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2011-02-05 09:57:40 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2011-02-03 20:41:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2011-02-03 20:41:10 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
MOD - [2011-02-03 20:39:25 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
MOD - [2011-02-03 20:39:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-02-03 20:39:24 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
MOD - [2011-02-03 20:39:24 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
MOD - [2011-02-03 20:39:23 | 006,069,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2011-02-03 20:39:23 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
MOD - [2011-02-03 20:39:21 | 003,585,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
MOD - [2011-02-03 20:39:19 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
MOD - [2011-02-03 20:39:18 | 001,174,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-02-03 20:39:18 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-02-03 20:34:55 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2011-02-03 20:34:55 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2011-02-03 20:29:28 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2011-02-03 20:28:26 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
MOD - [2011-02-03 20:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2011-02-03 20:17:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2011-02-03 20:08:27 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011-02-03 20:05:49 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2011-02-03 20:03:55 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2011-02-03 20:01:22 | 011,580,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-02-03 19:56:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2011-02-03 19:53:50 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2011-02-03 19:53:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2011-02-03 19:51:02 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
MOD - [2011-02-03 19:50:58 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2011-02-03 19:47:56 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2011-02-03 19:46:32 | 000,615,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2011-02-03 19:44:58 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
MOD - [2011-02-03 19:40:33 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-02-03 19:38:54 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2011-02-03 18:56:44 | 000,541,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2011-02-03 18:56:44 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll
MOD - [2011-02-03 18:55:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2011-02-03 18:54:29 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2011-02-02 20:45:46 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2011-01-30 17:45:14 | 000,062,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MOD - [2011-01-30 17:45:12 | 000,064,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MOD - [2010-07-10 06:37:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
MOD - [2010-03-15 12:28:22 | 000,142,336 | ---- | M] (Alexander Roshal) -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-02-26 18:07:12 | 000,060,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
MOD - [2008-01-19 09:38:14 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2008-01-19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008-01-19 09:38:02 | 000,155,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-19 09:37:11 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008-01-19 09:37:11 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2008-01-19 09:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2008-01-19 09:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2008-01-19 09:37:10 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
MOD - [2008-01-19 09:37:10 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-19 09:37:09 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2008-01-19 09:37:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2008-01-19 09:36:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2008-01-19 09:36:57 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008-01-19 09:36:56 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2008-01-19 09:36:55 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2008-01-19 09:36:55 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
MOD - [2008-01-19 09:36:55 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008-01-19 09:36:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
MOD - [2008-01-19 09:36:52 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2008-01-19 09:36:52 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
MOD - [2008-01-19 09:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll
MOD - [2008-01-19 09:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008-01-19 09:36:49 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2008-01-19 09:36:49 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2008-01-19 09:36:48 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008-01-19 09:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-19 09:36:47 | 000,765,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll
MOD - [2008-01-19 09:36:47 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-19 09:36:47 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008-01-19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008-01-19 09:36:46 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008-01-19 09:36:41 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
MOD - [2008-01-19 09:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008-01-19 09:36:39 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
MOD - [2008-01-19 09:36:38 | 002,204,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2008-01-19 09:36:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll
MOD - [2008-01-19 09:36:38 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
MOD - [2008-01-19 09:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008-01-19 09:36:36 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2008-01-19 09:36:35 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2008-01-19 09:36:34 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2008-01-19 09:36:30 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
MOD - [2008-01-19 09:36:29 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2008-01-19 09:36:25 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008-01-19 09:36:24 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008-01-19 09:36:24 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2008-01-19 09:36:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008-01-19 09:36:17 | 000,456,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
MOD - [2008-01-19 09:36:17 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
MOD - [2008-01-19 09:36:15 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
MOD - [2008-01-19 09:36:15 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
MOD - [2008-01-19 09:36:14 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2008-01-19 09:36:12 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2008-01-19 09:36:11 | 000,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2008-01-19 09:36:11 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
MOD - [2008-01-19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008-01-19 09:36:07 | 001,823,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2008-01-19 09:36:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2008-01-19 09:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
MOD - [2008-01-19 09:36:06 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
MOD - [2008-01-19 09:36:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2008-01-19 09:36:02 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2008-01-19 09:36:02 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
MOD - [2008-01-19 09:36:01 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2008-01-19 09:36:01 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2008-01-19 09:36:01 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2008-01-19 09:36:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
MOD - [2008-01-19 09:36:01 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008-01-19 09:35:59 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2008-01-19 09:35:58 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008-01-19 09:35:58 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-19 09:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2008-01-19 09:35:37 | 003,173,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2008-01-19 09:35:35 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2008-01-19 09:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
MOD - [2008-01-19 09:35:15 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008-01-19 09:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2008-01-19 09:35:14 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2008-01-19 09:35:13 | 001,696,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
MOD - [2008-01-19 09:35:13 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008-01-19 09:35:13 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
MOD - [2008-01-19 09:35:13 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2008-01-19 09:35:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
MOD - [2008-01-19 09:35:11 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2008-01-19 09:35:10 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008-01-19 09:35:10 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
MOD - [2008-01-19 09:34:59 | 000,476,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
MOD - [2008-01-19 09:34:55 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008-01-19 09:34:55 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2008-01-19 09:34:54 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2008-01-19 09:34:54 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2008-01-19 09:34:52 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008-01-19 09:34:49 | 002,011,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
MOD - [2008-01-19 09:34:49 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2008-01-19 09:34:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2008-01-19 09:34:46 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2008-01-19 09:34:34 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2008-01-19 09:34:33 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2008-01-19 09:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008-01-19 09:34:33 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
MOD - [2008-01-19 09:34:32 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2008-01-19 09:34:28 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\iebrshim.dll
MOD - [2008-01-19 09:34:26 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
MOD - [2008-01-19 09:34:23 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2008-01-19 09:34:22 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2008-01-19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
MOD - [2008-01-19 09:34:21 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
MOD - [2008-01-19 09:34:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
MOD - [2008-01-19 09:34:20 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2008-01-19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
MOD - [2008-01-19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
MOD - [2008-01-19 09:34:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2008-01-19 09:34:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2008-01-19 09:34:07 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2008-01-19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008-01-19 09:34:07 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2008-01-19 09:34:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008-01-19 09:34:05 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2008-01-19 09:34:03 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
MOD - [2008-01-19 09:34:03 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2008-01-19 09:34:03 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2008-01-19 09:34:03 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2008-01-19 09:34:01 | 001,788,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
MOD - [2008-01-19 09:34:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
MOD - [2008-01-19 09:34:00 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2008-01-19 09:34:00 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2008-01-19 09:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008-01-19 09:33:59 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2008-01-19 09:33:58 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-19 09:33:52 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2008-01-19 09:33:51 | 001,111,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
MOD - [2008-01-19 09:33:50 | 000,323,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
MOD - [2008-01-19 09:33:49 | 001,324,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
MOD - [2008-01-19 09:33:49 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
MOD - [2008-01-19 09:33:47 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2008-01-19 09:33:47 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2008-01-19 09:33:45 | 001,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2008-01-19 09:33:45 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
MOD - [2008-01-19 09:33:45 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2008-01-19 09:33:45 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008-01-19 09:33:43 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008-01-19 09:33:43 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008-01-19 09:33:41 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcRedir.dll
MOD - [2008-01-19 09:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
MOD - [2008-01-19 09:33:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
MOD - [2008-01-19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
MOD - [2008-01-19 09:33:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-19 09:32:56 | 001,122,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
MOD - [2008-01-19 09:32:56 | 000,990,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2008-01-19 09:32:56 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-19 09:32:56 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2008-01-19 09:32:56 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2008-01-19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008-01-19 09:26:33 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
MOD - [2006-11-02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2006-11-02 14:35:10 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\radarrs.dll
MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2006-11-02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2006-11-02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll
MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2006-11-02 11:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shimeng.dll
MOD - [2006-11-02 11:46:13 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll
MOD - [2006-11-02 11:46:12 | 000,707,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\opengl32.dll
MOD - [2006-11-02 11:46:12 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pautoenr.dll
MOD - [2006-11-02 11:46:12 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2006-11-02 11:46:05 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\glu32.dll
MOD - [2006-11-02 11:46:05 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2006-11-02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
MOD - [2006-11-02 11:46:04 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltLib.dll
MOD - [2006-11-02 11:46:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddrawex.dll
MOD - [2006-11-02 11:46:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll
MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-06-19 17:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\POPR\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012-07-10 14:50:42 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-01-14 07:07:56 | 000,025,088 | ---- | M] () [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\nvlddmex.sys -- (nvlddmex)
DRV - [2012-01-14 07:07:00 | 000,017,408 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\umpassnt.sys -- (umpassnt)
DRV - [2012-01-14 07:06:50 | 000,522,240 | ---- | M] () [Kernel | System | Unknown] -- C:\Windows\System32\drivers\sym2k.sys -- (sym2k)
DRV - [2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010-07-10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-06-10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009-06-10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\SearchScopes\{8E3C19F4-56E8-437D-BB4D-26D7C3C52F7D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25406

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html?p=128"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.1.830
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b}:3.6.0.10
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dllt_Writer.print_unwriteable_margin_top", 0); File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-07-10 18:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-07-10 18:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-07-10 18:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-28 20:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-28 20:49:16 | 000,000,000 | ---D | M]

[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Extensions
[2012-07-09 21:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2011-04-09 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}
[2011-04-09 19:58:49 | 000,000,000 | ---D | M] (TweakMDB) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011-02-06 08:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-04-09 19:58:45 | 000,000,000 | ---D | M] (Like The Page) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}
[2011-04-17 07:16:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011-12-27 23:29:44 | 000,000,000 | ---D | M] (SFT_Polska Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{5c5b9468-d672-4eb7-b52f-b5afabf28c5b}
[2011-04-17 07:16:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011-04-09 19:58:42 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2011-04-09 19:57:47 | 000,000,000 | ---D | M] (AddonFox) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}
[2011-04-09 19:59:04 | 000,000,000 | ---D | M] (LinkExtend) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
[2011-04-09 19:58:53 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012-06-22 23:08:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011-04-09 19:58:44 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\add-to-searchbox@maltekraus.de
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\nosquint@urandom.ca
[2011-04-09 19:58:50 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\tabprogressbar@studio17.wordpress.com
[2011-04-09 19:59:11 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\POPR\AppData\Roaming\mozilla\Firefox\Profiles\jyjkpelx.default\extensions\vinceturk@gmail.com
[2011-12-28 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-03 20:56:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-12-28 14:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011-02-08 22:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-06-22 20:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-30 10:33:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-10-22 21:29:00 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{4BE68A18-DEBA-49E0-9E09-EE7796F3B62A}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\USERS\POPR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYJKPELX.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-03-06 23:13:59 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-03-06 23:14:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-03-06 23:14:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-03-06 23:14:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-12-27 23:31:03 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2011-03-06 23:14:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-03-06 23:14:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={914BE104-A699-11E1-A7AE-001A4D5092C9}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Users\POPR\Desktop\Julia\)\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Blokowanie baner\u00F3w = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Klawiatura wirtualna = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Blokowanie baner\u00F3w = C:\Users\POPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012-07-08 12:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.206.32.32 193.110.228.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B8E915-B6DA-4C4E-BAFE-02D5197C4E5D}: DhcpNameServer = 89.206.32.32 193.110.228.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lineage II Freya PL.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rejestrowanie produktów Corela.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^POPR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]avast5[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Best Malware Protection[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]DATAMNGR[/b] - hkey= - key= - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
MsConfig - StartUpReg: [b]EA Core[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ehTray.exe[/b] - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]facemoods[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: [b]PKTray[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ProfilerU[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig - StartUpReg: [b]SaiMfd[/b] - hkey= - key= - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Spol[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]WINKL[/b] - hkey= - key= - File not found
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-07-10 20:12:08 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2012-07-10 14:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012-07-10 14:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-07-10 14:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012-07-10 14:50:42 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-07-09 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-08 23:03:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 12:49:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-07-08 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Local\temp
[2012-07-08 12:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-07-08 12:25:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-07-08 12:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012-07-08 12:25:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-07-08 12:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-08 12:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-07-06 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-07-03 11:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2012-07-02 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\Real
[2012-06-27 11:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012-06-25 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Visual Studio 2005
[2012-06-25 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-06-25 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012-06-23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 11
[2012-06-22 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\FIFA 12
[2012-06-22 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
[2012-06-22 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2012-06-22 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-06-22 20:12:14 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012-06-22 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-05-25 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\POPR\Documents\Biblioteka calibre
[2012-05-25 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\POPR\AppData\Roaming\calibre
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012-05-25 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012-05-25 20:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-07-10 21:42:39 | 003,670,016 | -HS- | M] () -- C:\Users\POPR\NTUSER.DAT
[2012-07-10 20:54:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-10 20:25:53 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-07-10 20:25:52 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-07-10 20:25:48 | 000,988,600 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-07-10 20:25:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-07-10 20:25:48 | 000,183,812 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-07-10 20:25:48 | 000,126,702 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-07-10 20:25:48 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-07-10 20:25:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-10 20:25:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012-07-10 20:24:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-10 20:24:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-10 20:24:33 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2012-07-10 20:19:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-07-10 20:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-10 20:18:48 | 000,357,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-07-10 20:18:04 | 4213,950,873 | ---- | M] () -- C:\Windows\System32\ir3cache.dll
[2012-07-10 19:39:15 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012-07-10 19:39:06 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012-07-10 14:56:48 | 000,017,408 | ---- | M] () -- C:\Users\POPR\AppData\Local\WebpageIcons.db
[2012-07-10 14:54:40 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012-07-10 14:54:40 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012-07-10 14:50:42 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-07-09 21:12:40 | 000,000,680 | ---- | M] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2012-07-08 23:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\POPR\Desktop\24960-OTL.exe
[2012-07-08 12:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2012-07-08 12:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-07-08 12:05:14 | 000,074,752 | ---- | M] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-03 11:41:31 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-23 19:53:48 | 212,601,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-06-22 20:12:14 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-07-10 20:25:29 | 000,000,949 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012-07-10 14:56:41 | 000,017,408 | ---- | C] () -- C:\Users\POPR\AppData\Local\WebpageIcons.db
[2012-07-10 14:54:40 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012-07-10 14:54:40 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012-07-08 12:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-07-08 12:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-07-08 12:25:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-07-08 12:25:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-07-08 12:25:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-07-03 11:41:31 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2012-07-03 11:40:58 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012-06-25 11:33:55 | 000,000,564 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk
[2012-06-23 19:53:33 | 212,601,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-01-15 01:21:26 | 4213,950,873 | ---- | C] () -- C:\Windows\System32\ir3cache.dll
[2012-01-15 01:19:54 | 000,522,240 | ---- | C] () -- C:\Windows\System32\drivers\sym2k.sys
[2012-01-15 01:19:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmex.sys
[2012-01-15 01:19:54 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\umpassnt.sys
[2012-01-15 01:19:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\mswcom.dat.dll
[2012-01-14 07:13:42 | 003,158,016 | ---- | C] () -- C:\Windows\System32\Searcsvr.exe
[2012-01-14 07:07:56 | 001,094,144 | ---- | C] () -- C:\Windows\System32\certx86.dll
[2012-01-14 07:07:56 | 000,139,264 | ---- | C] () -- C:\Windows\System32\udhisa32.dll
[2011-09-26 22:24:29 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-09-26 22:24:29 | 000,138,056 | ---- | C] () -- C:\Users\POPR\AppData\Roaming\PnkBstrK.sys
[2011-09-26 22:24:14 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-09-26 22:24:10 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011-09-26 22:24:10 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-09-06 00:37:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\msprcpord.dll
[2011-06-12 16:41:25 | 000,191,755 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011-06-12 16:41:25 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011-05-18 17:11:35 | 000,009,861 | ---- | C] () -- C:\Windows\System32\mswrnpore.dll
[2011-05-12 07:50:02 | 000,000,680 | ---- | C] () -- C:\Users\POPR\AppData\Local\d3d9caps.dat
[2011-04-25 10:03:58 | 000,106,640 | ---- | C] () -- C:\Users\POPR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-04-24 22:47:47 | 000,074,752 | ---- | C] () -- C:\Users\POPR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-29 22:43:29 | 000,099,480 | ---- | C] () -- C:\Windows\hpqins11.dat
[2011-03-29 22:39:16 | 000,101,654 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011-03-29 22:37:04 | 000,105,569 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011-03-29 21:31:27 | 000,010,709 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011-03-06 19:25:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011-02-24 23:08:08 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2011-02-24 23:08:08 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011-02-10 13:23:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-02-06 22:19:15 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2011-02-06 22:18:52 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-02-06 22:18:49 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011-02-02 22:05:07 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011-02-02 21:12:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-06 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BESTplayer
[2012-07-10 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\BitTorrent
[2012-05-25 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\calibre
[2011-08-24 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-04 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\DAEMON Tools Lite
[2012-07-10 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ExpressFiles
[2012-05-02 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Gadu-Gadu 10
[2011-03-07 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GARMIN
[2011-10-22 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\GetRightToGo
[2011-09-02 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\gtk-2.0
[2012-07-06 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\hellomoto
[2012-06-25 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\ipla
[2011-11-30 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Leadertech
[2011-12-13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\LogoMaker
[2011-09-25 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Opera
[2012-06-22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Origin
[2012-03-06 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\PhotoScape
[2011-11-30 12:22:38 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Program Files
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Przyspiesz Komputer
[2011-02-02 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RDRM
[2011-10-15 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\RegistryKeys
[2011-11-12 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\TS3Client
[2012-03-29 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\POPR\AppData\Roaming\Uniblue
[2012-07-10 20:25:00 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012-07-10 20:14:20 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2012-07-09 21:24:40 | 000,054,122 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009-12-09 19:33:06 | 000,000,197 | ---- | M] () -- C:\csb.log
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-17 18:50:58 | 000,000,143 | ---- | M] () -- C:\KWINST.LOG
[2009-12-05 21:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-21 20:20:49 | 000,001,004 | ---- | M] () -- C:\NetworkCfg.xml
[2012-07-10 20:17:42 | 2459,709,440 | -HS- | M] () -- C:\pagefile.sys
[2009-12-09 19:33:06 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log
[2012-03-11 16:10:45 | 000,000,310 | ---- | M] () -- C:\user.js
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011-02-03 19:57:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8303F807
< End of report >
[/log]
Extras: [log]OTL Extras logfile created on: 2012-07-10 21:43:35 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\POPR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,68% Memory free
4,23 Gb Paging File | 2,58 Gb Available in Paging File | 60,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120,00 Gb Total Space | 25,86 Gb Free Space | 21,55% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 71,67 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
Drive E: | 7,98 Gb Total Space | 6,48 Gb Free Space | 81,17% Space Free | Partition Type: NTFS

Computer Name: POPR-PC | User Name: POPR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05136429-3041-4CF9-A9B2-C6D607D07652}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{08165558-A9AC-4D78-BD5C-03FB69AA2B35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{12B15698-0C08-4382-B50E-1217F4C149E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{1B1809AC-B7F3-4D02-946F-9F2A70B3BDB1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1BF0A2D1-05CA-49E1-8D94-693E162BDB31}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2831785F-C7C5-4F9F-9D16-B26172017F80}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3B23A5FF-209E-488A-BA8B-D13D81007E6F}" = protocol=17 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{466C2376-67D3-42DE-A6B1-6D19AFC841EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5104DB92-53A8-4814-A7CB-2E397346BD44}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{594D67CA-5FD3-4493-81E6-CB0FB2DCA644}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{78C7F9C5-51C7-4856-801C-DBAA8467333E}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{7CC6EC68-D69A-4C34-962C-4283A2BC4DFF}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81E75D6B-D639-4D04-8638-7F964D632657}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{873A0966-E2FF-49BE-80C1-BADBD14F1667}" = protocol=6 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"{87F7BE2F-8E49-4FF6-95DF-75D5FD364170}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8BACBD38-9FB2-4EBC-9C73-3E6BDC33FCE1}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8EC0A0AF-D9BF-47E6-BE36-B15A77837AE1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{917D6C84-5D13-4A25-8E32-2051C59C900C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{962F10D8-DFAD-4960-962E-E4724FEA3989}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{96691F3F-BC54-487C-84CE-18C96D7F26C1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A31624E2-DDE7-420E-8D14-390D8DFE9C11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A863381F-18B0-4762-9DC6-544161CED9EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AA6D4090-D24C-4ACC-AEF7-0AC13E7A077F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{AAF16AD4-7173-474C-8C22-D37580D86E06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AC12B313-8CD2-4AA1-B2FC-1CB3D83BCEE5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B4A7AB9D-4962-4762-8564-3F3F47F4D89B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{BEB75148-A059-41E8-9CCC-5CB4B4861E67}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{C7916A08-85FD-487B-9BC1-FA51D955276A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{CA940065-53C3-43ED-A552-23E2E454DB10}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D13F030D-40F1-487B-8D3F-D9E0F7D73A96}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D8452D69-49DB-42E1-979C-A7E15899FA11}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{E1CB3C4E-BBE3-4380-B570-5FA2FCEA7DD3}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F0B26113-5B66-435F-AC35-D0448B653557}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F37723C3-0056-431E-B09E-CE0FC550D176}" = protocol=6 | dir=in | app=d:\bd2\bfbc2updater.exe |
"{FC93AF15-7513-44E6-86AC-4196523DC6F4}" = protocol=17 | dir=in | app=c:\users\popr\desktop\sweetimsetup.exe |
"TCP Query User{14309E15-17A0-4158-BC9F-4672D76A694E}C:\program files\vox maris\instructor.exe" = protocol=6 | dir=in | app=c:\program files\vox maris\instructor.exe |
"TCP Query User{163A112A-F1A3-4C50-A295-951057DFB4BB}D:\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod2\cod2mp_s.exe |
"TCP Query User{216675FC-CD32-45B8-9807-6D0D9D05BF92}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{474F8436-E8A1-470F-9DCF-DA7E88BC5465}D:\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\game\fifa.exe |
"TCP Query User{4E210590-3742-4C21-B83A-00D3EE50B5E0}C:\colin dirt\dirt.exe" = protocol=6 | dir=in | app=c:\colin dirt\dirt.exe |
"TCP Query User{56BDB2D9-4ED2-47A3-A71E-107D3554B30A}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{57549965-6104-4D62-B8FA-6B30B8F49B42}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{6A0C3985-00E8-44DB-BA64-C5261CA80200}D:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"TCP Query User{71DCEF14-8B07-4F8A-B3F8-721D1A305C7F}D:\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\uplauncher.exe |
"TCP Query User{74B68A4B-1C3F-4321-821D-54F6F985B287}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"TCP Query User{7E2F5553-D1EE-4564-B249-7E154A435901}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=6 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"TCP Query User{82EF9803-6E57-4B0C-820E-2B63D318EF85}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{82F7028B-9C75-46FD-A721-023F36998A72}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8E23A563-F831-4E08-838D-235BFE9865BB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{93E969BB-F767-4EFD-8235-413499C80B51}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C1E705BE-B050-4A78-848C-3E31779366EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D1360833-87C7-4D61-9ABA-7EC64A28BEFE}D:\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 11\game\fifa.exe |
"TCP Query User{E77CECE7-EDD2-49DB-9DDA-A51307B70E16}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{EA83257C-C776-4F16-9750-A918D7C41BEB}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=6 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"TCP Query User{EC19C65C-D0DD-403B-AD42-65F781ED1B0B}D:\metek 2\divineworld\divineworld.exe" = protocol=6 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"TCP Query User{EE0A2045-0EA9-4D2D-A2D5-32CD80ABFC9C}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=6 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"TCP Query User{F744AC08-5B5E-45C7-A4DA-2DC6BF88E06C}D:\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{0B526415-1EB2-4D15-A940-E9C1D2B88303}C:\colin dirt\dirt.exe" = protocol=17 | dir=in | app=c:\colin dirt\dirt.exe |
"UDP Query User{0B99AF3F-5E6B-4EE7-A2AB-19F965EF381F}C:\programdata\f18ebc\bmf18_2121.exe" = protocol=17 | dir=in | app=c:\programdata\f18ebc\bmf18_2121.exe |
"UDP Query User{1F4B3D18-F9E9-4D47-9B39-DA6614F4CCB9}D:\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\uplauncher.exe |
"UDP Query User{22365DA8-5278-458F-B40A-7259B0275421}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{239CCEFF-103B-416E-A945-CE338ACEB032}D:\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod2\cod2mp_s.exe |
"UDP Query User{27E47F6A-F571-4138-B566-A6BDFC6AE548}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4465B7FD-FC8A-405D-B9D0-B17247558529}D:\metek 2\divineworld\divineworld.exe" = protocol=17 | dir=in | app=d:\metek 2\divineworld\divineworld.exe |
"UDP Query User{4B19F95B-2355-44D9-9EC3-5C578E91431F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5C142ED0-B1F7-4A78-9784-7D6E3BB19E86}C:\program files\catchingfeaturesdemo\cfdemo.exe" = protocol=17 | dir=in | app=c:\program files\catchingfeaturesdemo\cfdemo.exe |
"UDP Query User{5CC63669-C7B0-4D03-B7B5-2850E6502D72}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5EC3AA58-A351-4A34-90C6-989C3B53AE9D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{650AD0D8-F120-478F-9E96-835BE698CEDA}C:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\nowy folder\fifa 2012\game\fifa.exe |
"UDP Query User{74F46582-3097-4B8E-A153-822BB6B972F9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{803BAAB7-19DC-4925-96D2-A60DB8CF9255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ADFB3695-5395-44E7-B514-7E3A55956E04}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{D8B197BF-862D-4D82-9C37-137344FD4693}D:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=d:\gadu-gadu 10\gg.exe |
"UDP Query User{E53FCB25-1099-48EC-8720-D62107D184BA}D:\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 11\game\fifa.exe |
"UDP Query User{EF0CAB4E-C037-40A2-85E6-2E12FB175625}C:\program files\vox maris\instructor.exe" = protocol=17 | dir=in | app=c:\program files\vox maris\instructor.exe |
"UDP Query User{EF7F5D6E-7081-4C3A-8397-04DA45213E8B}D:\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=d:\tdu2\_uplauncher.exe |
"UDP Query User{F9D4AFC8-2539-4884-B8BF-72EC5B742481}C:\users\popr\desktop\tdu1\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\users\popr\desktop\tdu1\testdriveunlimited.exe |
"UDP Query User{FC70E2D9-289D-47DE-A03E-4FCCA1CBB5CE}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{FDCF8A27-78FC-4817-B599-F5F7EC1732E8}D:\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\game\fifa.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1" = FotoMix version 8.5.5
"{1C36647E-F5BD-43E9-BA64-5F274B7F7051}_is1" = Symulator Jazdy 2 v.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{531336A9-55EB-4367-8064-7180849D5676}" = calibre
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Catching Features Demo" = Catching Features Demo (remove only)
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Gadu-Gadu 10" = Gadu-Gadu 10
"Gimnazjum klasa 1 - Śladami przeszłości" = Gimnazjum klasa 1 - Śladami przeszłości
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{79597F4B-C3CD-4325-A969-21C6DE1688DF}" = Vox Maris - Instructor DEMO
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Logo Design Studio2.1.31" = Logo Design Studio
"LogoMaker_is1" = LogoMaker 3.0
"MAPA_MORSKA_BALTYKU_is1" = Mapsource - Mapa morska Bałtyku 0.7.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PIT Format 2011_is1" = PIT Format 2011
"Postal 2" = Postal 2
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"SearchCore for Browsers" = SearchCore for Browsers
"SFT_Polska Toolbar" = SFT_Polska Toolbar
"Spolszczenie do Lineage II_is1" = Spolszczenie do Lineage II Freya
"Spolszczenie Lineage 2 Chronicle 4_is1" = Wersja 1.01
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"UEFA EURO 2012_is1" = UEFA EURO 2012
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-822608490-2436766180-1729568173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"FoxTab FLV Player" = FoxTab FLV Player
"MyPaint" = MyPaint 0.9.1

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-10 15:04:18 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:04:25 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2012-07-10 15:04:26 | Computer Name = POPR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2012-07-10 15:04:29 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:04:29 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:04:38 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:04:39 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:04:58 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:05:44 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2012-07-10 15:05:46 | Computer Name = POPR-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

[ System Events ]
Error - 2012-07-10 07:48:55 | Computer Name = POPR-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-07-10 10:22:04 | Computer Name = POPR-PC | Source = bowser | ID = 8003
Description =

Error - 2012-07-10 13:09:56 | Computer Name = POPR-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 18:59:56 na 2012-07-10 było nieoczekiwane.

Error - 2012-07-10 13:10:03 | Computer Name = POPR-PC | Source = Print | ID = 19
Description = Bufor wydruku nie może udostępnić drukarki Wysyłanie do programu OneNote
2007 z nazwą udostępnionego zasobu Wysyłanie do programu OneNote 2007. Błąd 2114.
Inne osoby w sieci nie mogą korzystać z drukarki.

Error - 2012-07-10 13:10:03 | Computer Name = POPR-PC | Source = Print | ID = 19
Description = Bufor wydruku nie może udostępnić drukarki HP Officejet J4500 Series
z nazwą udostępnionego zasobu HP Officejet J4500 Series. Błąd 2114. Inne osoby
w sieci nie mogą korzystać z drukarki.

Error - 2012-07-10 14:19:00 | Computer Name = POPR-PC | Source = HTTP | ID = 15016
Description =

Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2012-07-10 14:19:33 | Computer Name = POPR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2012-07-10 14:24:26 | Computer Name = POPR-PC | Source = Microsoft-Windows-Eventlog | ID = 30
Description =


< End of report >
[/log]

I posted the OTL logs because this is not my computer, and the person who uses it ran ComboFix, as the saying goes, 'blindly', and I can't find the report. As for what you did for me, a big thank you :) The virus has been removed and I can use the computer again. A beer for you! You've got a good head on your shoulders!

Guest
comment (edited)

Just give me the path to the ComboFix installer. That tool does not deal with removing this infection. What I care about is uninstalling it properly. If [b]ComboFix.exe[/b] is not on the disk, you need to download it again, put it where it was, and give me the path to the file.
