
Taskeng.exe, NTVDM, virus?

Snakuu
posted (edited)

Hello.
Yesterday I came back from vacation, and fairly strange things are happening on the computer my sister had been using. Every so often a black window pops up, exactly like the one I would get if I opened cmd, for example, but it is titled taskeng.exe. Sometimes it appears for less than a second, and sometimes even for 10. When it stays open longer, its name sometimes changes to NTVDM xxxxxxxxxxxx (the x's stand for some digits or characters). In addition, taskeng.exe is running twice in the process list. I scanned the computer with Spybot, Anti-Malware and Microsoft Security Essentials; they found some things, a few trojans, which were removed, but the black window problem remained. Today even Spybot started acting up and found something in the system folder, and later the monitor went completely black for about a minute.
What could this be? Please help...
Here are the screenshots
[img]http://www.fotoszok.pl/upload/acd95930.jpg[/img]
[img]http://www.fotoszok.pl/upload/73138229.jpg[/img]
LOGS
[log] OTL logfile created on: 2012-08-08 12:03:25 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 26,54% Memory free
4,23 Gb Paging File | 2,38 Gb Available in Paging File | 56,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,56 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
Drive D: | 190,43 Gb Total Space | 167,54 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive E: | 177,67 Gb Total Space | 124,58 Gb Free Space | 70,12% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-08-08 11:59:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2012-07-20 15:27:50 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox v6\firefox.exe
PRC - [2012-07-20 15:27:40 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox v6\plugin-container.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-07-03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012-06-03 00:19:33 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-02-27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012-01-17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2011-11-16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011-08-30 23:05:02 | 000,390,504 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2009-12-22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009-11-11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-10-27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-10-27 10:14:22 | 000,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009-08-18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 08:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
PRC - [2009-04-11 08:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009-02-15 22:32:34 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- E:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-12-30 17:54:33 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008-07-24 17:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-04-03 19:37:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008-02-26 03:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- D:\leszek\Picasa2\PicasaMediaDetector.exe
PRC - [2008-02-19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008-01-31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008-01-19 09:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 09:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 09:33:09 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-19 09:33:09 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-10-11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007-09-03 12:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-07-25 15:50:26 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-18 17:55:20 | 000,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007-06-01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-06-01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-05-17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007-04-10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2006-03-06 16:55:32 | 000,086,016 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-20 15:27:42 | 002,003,424 | ---- | M] () -- C:\Mozilla Firefox v6\mozjs.dll
MOD - [2012-01-29 14:10:11 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2009-09-23 16:04:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2008-08-12 11:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008-07-29 14:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008-07-29 14:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008-07-29 14:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008-07-29 14:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008-07-29 13:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2008-07-24 17:01:40 | 000,090,112 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
MOD - [2008-07-24 17:01:38 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2008-05-31 11:57:38 | 000,132,608 | ---- | M] () -- C:\Users\admin\Documents\w.rar\winrar\rarext.dll
MOD - [2007-02-16 17:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007-02-16 17:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006-03-06 16:55:50 | 000,094,208 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\voice_api.dll
MOD - [2006-03-06 16:55:46 | 000,049,152 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\plugins\clipboard.dll
MOD - [2006-03-06 16:55:42 | 000,049,152 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\plugins\clock.dll
MOD - [2006-03-06 16:55:40 | 000,053,248 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\plugins\keyboard.dll
MOD - [2006-03-06 16:55:36 | 000,126,976 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\plugins\mail.dll
MOD - [2006-03-06 16:55:32 | 000,086,016 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
MOD - [2006-03-06 16:55:22 | 000,069,632 | ---- | M] () -- C:\Program Files\ivo\UniSpiker-2.6\unispiker_api.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- E:\Spybot -- (SBSDWSCService)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-12-22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-10-17 23:02:00 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-05-17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006-12-14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005-11-17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- D:\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab4369aa)
DRV - [2012-08-08 11:42:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-04-04 18:48:23 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2012-03-20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-02-09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-12-22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009-10-06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008-11-17 17:34:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-06-26 12:04:06 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007-11-18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-04-10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006-07-05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006-06-14 19:12:13 | 000,078,184 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2003-10-04 00:08:00 | 000,099,476 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STK016W2.sys -- (DCamUSBSTK016)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{D4C4DFE8-E1EB-4145-9394-387334665F7F}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{D4C4DFE8-E1EB-4145-9394-387334665F7F}?q={searchTerms}
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}DFE8-E1EB-4145-9394-387334665F7F}?q={searchTerms}
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\leszek\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\admin\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\admin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Mozilla Firefox v6\components [2012-07-20 15:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Mozilla Firefox v6\plugins [2012-08-03 08:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Mozilla Firefox v6\components [2012-07-20 15:27:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Mozilla Firefox v6\plugins [2012-08-03 08:38:12 | 000,000,000 | ---D | M]

[2010-03-31 22:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012-08-03 08:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions
[2011-11-16 20:23:10 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011-08-12 19:34:21 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012-06-27 14:17:20 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010-06-25 12:49:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-07-17 20:19:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-04-01 17:03:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\engine@conduit.com
[2012-08-03 08:44:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\toolbar@ask.com
[2012-08-03 08:48:01 | 000,002,299 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3l4hze7.default\searchplugins\askcom.xml
[2010-06-25 15:04:19 | 000,000,873 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3l4hze7.default\searchplugins\conduit.xml
[2011-09-10 00:38:17 | 000,052,184 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3L4HZE7.DEFAULT\EXTENSIONS\{9D6218B8-03C7-4B91-AA43-680B305DD35C}.XPI
[2011-12-16 17:22:10 | 000,395,175 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3L4HZE7.DEFAULT\EXTENSIONS\HYPER@IANNET.ORG.XPI
[2011-05-31 13:52:40 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[color=#E56717]========== Chrome ==========[/color]


O1 HOSTS File: ([2008-08-23 12:56:01 | 000,000,003 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll File not found
O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll File not found
O3 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BearShare] "E:\berszar\bir szare\BearShare.exe" /pause File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe File not found
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [KiesTrayAgent] D:\\/\KiesTrayAgent.exe ()
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart File not found
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [Picasa Media Detector] D:\leszek\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniSpiker-2.6.lnk = C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe ()
O7 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F42472A-69C5-4131-93ED-75F98E3960F8}: DhcpNameServer = 62.179.1.62 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg
O28 - HKLM ShellExecuteHooks: {0A43AB64-3AB7-46C5-9FF5-5F718367B9E3} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{63e179a0-baad-11e0-b105-001d7dc22191}\Shell - "" = AutoRun
O33 - MountPoints2\{63e179a0-baad-11e0-b105-001d7dc22191}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\{db428ab1-dbea-11dd-af03-001d7dc22191}\Shell\Auto\command - "" = PegeFile.pif
O33 - MountPoints2\{db428ab1-dbea-11dd-af03-001d7dc22191}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell\AutoRun\command - "" = H:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell\readme\command - "" = notepad czytajto.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: [b]Anti Trojan Elite[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]JP595IR86O[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]SpybotSD TeaTimer[/b] - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-08-08 11:59:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012-08-08 11:57:32 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012-08-08 11:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-08-08 11:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-08-08 11:42:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012-08-07 23:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-08-07 23:10:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-08-03 08:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012-08-03 08:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012-08-03 08:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012-08-01 13:26:01 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\łazienka projekt
[2012-07-31 22:24:09 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\PTILES
[2012-07-31 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\PDATANF
[2012-07-13 19:26:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mp3tag
[2012-07-12 20:06:59 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-07-12 20:02:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-07-12 20:02:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-07-12 20:02:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-07-12 20:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-07-12 20:02:30 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-07-12 20:02:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-07-12 20:02:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-07-11 23:23:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012-07-09 07:38:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012-07-08 12:51:12 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\ałazienka
[2012-07-04 00:00:00 | 000,000,000 | ---D | C] -- C:\Temp projects
[2012-07-03 23:43:49 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\ver192
[2012-07-01 19:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012-07-01 19:20:18 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Zdjecia
[2012-06-29 23:23:42 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\zdj z panas
[2012-06-21 09:27:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012-06-21 09:27:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012-06-21 09:27:03 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012-06-21 09:27:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012-06-21 09:27:03 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012-06-21 09:26:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012-06-21 09:26:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008-10-13 16:10:12 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\admin\vbzip10.dll
[2008-07-12 00:05:34 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\admin\mqdmmdm.sys
[2008-07-12 00:05:34 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\admin\mqdmserd.sys
[2008-07-12 00:05:34 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\admin\mqdmbus.sys
[2008-07-12 00:05:34 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\admin\mqdmmdfl.sys
[2008-07-12 00:05:34 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\admin\mqdmcmnt.sys
[2008-07-12 00:05:34 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\admin\mqdmwhnt.sys
[2008-07-12 00:05:34 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\admin\mqdmcr.sys
[2008-07-11 23:29:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\usbsermptxp.sys
[2008-07-11 23:29:14 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\usbsermpt.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-08-08 11:59:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012-08-08 11:55:45 | 000,015,169 | ---- | M] () -- C:\Users\admin\Desktop\taskeng.jpg
[2012-08-08 11:55:36 | 000,014,478 | ---- | M] () -- C:\Users\admin\Desktop\ntvdm.jpg
[2012-08-08 11:30:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-08 11:30:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-08 11:26:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-08 11:26:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-08 11:26:38 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012-08-08 11:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-08 07:32:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012-08-07 23:10:19 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-07 22:22:18 | 000,002,347 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012-08-07 21:28:04 | 000,129,802 | ---- | M] () -- C:\Users\admin\Documents\Frame#714 - XMoo-195 - normal.jpg
[2012-08-07 21:26:17 | 000,129,661 | ---- | M] () -- C:\Users\admin\Documents\P4100328(1).JPG
[2012-08-07 21:25:36 | 000,116,294 | ---- | M] () -- C:\Users\admin\Documents\P4100325(1).JPG
[2012-08-07 21:24:39 | 000,141,112 | ---- | M] () -- C:\Users\admin\Documents\P4100320(1).JPG
[2012-08-07 21:23:16 | 000,122,844 | ---- | M] () -- C:\Users\admin\Documents\P4100303(1).JPG
[2012-08-07 21:22:15 | 000,106,555 | ---- | M] () -- C:\Users\admin\Documents\P4100220(1).JPG
[2012-08-07 21:20:18 | 000,131,027 | ---- | M] () -- C:\Users\admin\Documents\P4100181(1).JPG
[2012-08-07 21:18:44 | 000,106,702 | ---- | M] () -- C:\Users\admin\Documents\P4100167.JPG
[2012-08-07 21:17:24 | 000,131,027 | ---- | M] () -- C:\Users\admin\Documents\P4100181.JPG
[2012-08-07 21:15:09 | 000,121,904 | ---- | M] () -- C:\Users\admin\Documents\P4100052(1).JPG
[2012-08-07 21:14:07 | 000,105,155 | ---- | M] () -- C:\Users\admin\Documents\P4100014(2).JPG
[2012-08-07 21:12:17 | 000,083,770 | ---- | M] () -- C:\Users\admin\Documents\P4100033(2).JPG
[2012-08-07 21:12:02 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\P4100014(1).JPG
[2012-08-07 21:11:15 | 000,092,928 | ---- | M] () -- C:\Users\admin\Documents\P4100013(2).JPG
[2012-08-07 21:10:47 | 000,099,764 | ---- | M] () -- C:\Users\admin\Documents\P4100012(1).JPG
[2012-08-07 21:09:41 | 000,150,187 | ---- | M] () -- C:\Users\admin\Documents\P4100007(1).JPG
[2012-08-07 18:56:57 | 000,674,240 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-08-07 18:56:57 | 000,598,136 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-07 18:56:57 | 000,131,548 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-08-07 18:56:57 | 000,105,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-06 21:19:43 | 000,133,915 | ---- | M] () -- C:\Users\admin\Documents\DSCF1252.jpg
[2012-08-06 21:18:51 | 000,155,379 | ---- | M] () -- C:\Users\admin\Documents\DSCF1251.jpg
[2012-08-06 21:18:41 | 000,121,774 | ---- | M] () -- C:\Users\admin\Documents\DSCF1230.jpg
[2012-08-06 21:17:48 | 000,127,740 | ---- | M] () -- C:\Users\admin\Documents\DSCF1229.jpg
[2012-08-06 21:17:01 | 000,124,890 | ---- | M] () -- C:\Users\admin\Documents\DSCF1228.jpg
[2012-08-06 21:15:19 | 000,224,240 | ---- | M] () -- C:\Users\admin\Documents\DSCF1226.jpg
[2012-08-06 21:13:48 | 000,146,720 | ---- | M] () -- C:\Users\admin\Documents\DSCF1224.jpg
[2012-08-06 21:12:51 | 000,128,836 | ---- | M] () -- C:\Users\admin\Documents\DSCF1223.jpg
[2012-08-06 21:12:18 | 002,700,379 | ---- | M] () -- C:\Users\admin\Documents\DSCF1215.jpg
[2012-08-06 21:10:30 | 000,141,745 | ---- | M] () -- C:\Users\admin\Documents\DSCF1214.jpg
[2012-08-06 21:09:50 | 000,128,635 | ---- | M] () -- C:\Users\admin\Documents\DSCF1213.jpg
[2012-08-06 21:09:27 | 000,155,993 | ---- | M] () -- C:\Users\admin\Documents\DSCF1212.jpg
[2012-08-06 21:08:58 | 000,145,988 | ---- | M] () -- C:\Users\admin\Documents\DSCF1198.jpg
[2012-08-06 21:08:22 | 000,141,236 | ---- | M] () -- C:\Users\admin\Documents\DSCF1185.jpg
[2012-08-06 21:07:48 | 000,141,210 | ---- | M] () -- C:\Users\admin\Documents\DSCF1184.jpg
[2012-08-06 21:07:03 | 000,146,305 | ---- | M] () -- C:\Users\admin\Documents\DSCF1174.jpg
[2012-08-06 21:04:52 | 000,149,929 | ---- | M] () -- C:\Users\admin\Documents\DSCF1173.jpg
[2012-08-06 21:04:07 | 000,179,545 | ---- | M] () -- C:\Users\admin\Documents\DSCF1169.jpg
[2012-08-06 21:03:33 | 000,217,438 | ---- | M] () -- C:\Users\admin\Documents\DSCF1165.jpg
[2012-08-06 21:02:53 | 000,213,713 | ---- | M] () -- C:\Users\admin\Documents\DSCF1161.jpg
[2012-08-06 21:01:53 | 000,161,173 | ---- | M] () -- C:\Users\admin\Documents\DSCF1154.jpg
[2012-08-06 21:00:13 | 000,153,981 | ---- | M] () -- C:\Users\admin\Documents\DSCF1153.jpg
[2012-08-06 20:47:05 | 000,149,191 | ---- | M] () -- C:\Users\admin\Documents\SAM_0476(1).JPG
[2012-08-06 20:46:21 | 000,147,483 | ---- | M] () -- C:\Users\admin\Documents\SAM_0503(1).JPG
[2012-08-06 20:45:46 | 000,137,826 | ---- | M] () -- C:\Users\admin\Documents\SAM_0496(1).JPG
[2012-08-06 20:44:58 | 000,141,801 | ---- | M] () -- C:\Users\admin\Documents\SAM_0498(1).JPG
[2012-08-06 20:43:53 | 000,147,483 | ---- | M] () -- C:\Users\admin\Documents\SAM_0503.JPG
[2012-08-06 20:43:36 | 000,149,191 | ---- | M] () -- C:\Users\admin\Documents\SAM_0476.JPG
[2012-08-06 20:43:36 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\SAM_0496.JPG
[2012-08-06 20:43:35 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\SAM_0498.JPG
[2012-08-06 20:43:01 | 000,137,639 | ---- | M] () -- C:\Users\admin\Documents\SAM_0475.JPG
[2012-08-06 20:36:40 | 000,218,088 | ---- | M] () -- C:\Users\admin\Documents\SAM_0066.JPG
[2012-08-06 20:36:21 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\SAM_0070.JPG
[2012-08-06 20:36:20 | 000,000,000 | ---- | M] () -- C:\Users\admin\Documents\SAM_0064.JPG
[2012-08-06 20:36:05 | 000,176,205 | ---- | M] () -- C:\Users\admin\Documents\SAM_0062.JPG
[2012-08-06 20:35:55 | 000,155,906 | ---- | M] () -- C:\Users\admin\Documents\SAM_0042.JPG
[2012-08-06 20:35:20 | 000,158,257 | ---- | M] () -- C:\Users\admin\Documents\SAM_0041.JPG
[2012-08-06 20:23:47 | 000,119,851 | ---- | M] () -- C:\Users\admin\Documents\S5001782.JPG
[2012-08-06 20:22:55 | 000,100,328 | ---- | M] () -- C:\Users\admin\Documents\P1010744.JPG
[2012-08-06 20:21:40 | 000,124,110 | ---- | M] () -- C:\Users\admin\Documents\P1010743.JPG
[2012-08-06 20:21:01 | 000,137,010 | ---- | M] () -- C:\Users\admin\Documents\P1010711.JPG
[2012-08-06 20:19:52 | 000,108,905 | ---- | M] () -- C:\Users\admin\Documents\P1010705.JPG
[2012-08-06 20:19:03 | 000,200,283 | ---- | M] () -- C:\Users\admin\Documents\P1010702.JPG
[2012-08-06 20:18:29 | 000,166,124 | ---- | M] () -- C:\Users\admin\Documents\P1010693.JPG
[2012-08-06 20:17:30 | 000,108,277 | ---- | M] () -- C:\Users\admin\Documents\P1010680.JPG
[2012-08-06 20:16:55 | 000,094,489 | ---- | M] () -- C:\Users\admin\Documents\P1010665.JPG
[2012-08-06 20:15:48 | 000,081,174 | ---- | M] () -- C:\Users\admin\Documents\P1010635.JPG
[2012-08-06 20:14:17 | 000,158,591 | ---- | M] () -- C:\Users\admin\Documents\P1010634.JPG
[2012-08-06 20:12:46 | 000,099,936 | ---- | M] () -- C:\Users\admin\Documents\P1010605.JPG
[2012-08-06 20:11:49 | 000,079,223 | ---- | M] () -- C:\Users\admin\Documents\P1010602.JPG
[2012-08-06 20:09:40 | 000,114,510 | ---- | M] () -- C:\Users\admin\Documents\P1010599.JPG
[2012-08-06 20:08:34 | 000,149,293 | ---- | M] () -- C:\Users\admin\Documents\P1010596.JPG
[2012-08-06 20:07:12 | 000,120,582 | ---- | M] () -- C:\Users\admin\Documents\P1010591.JPG
[2012-08-06 20:06:07 | 000,135,944 | ---- | M] () -- C:\Users\admin\Documents\P1010590.JPG
[2012-08-06 20:05:13 | 000,104,029 | ---- | M] () -- C:\Users\admin\Documents\P1010587.JPG
[2012-08-02 21:32:32 | 000,012,189 | ---- | M] () -- C:\Users\admin\Desktop\stół3.jpg
[2012-08-02 21:32:11 | 000,011,671 | ---- | M] () -- C:\Users\admin\Desktop\stół2.jpg
[2012-08-02 21:31:45 | 000,012,443 | ---- | M] () -- C:\Users\admin\Desktop\stół.jpg
[2012-08-02 10:34:13 | 000,083,456 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-25 20:19:37 | 103,666,092 | ---- | M] () -- C:\Users\admin\Documents\MOV009.3gp
[2012-07-13 15:31:13 | 000,009,201 | ---- | M] () -- C:\Users\admin\.recently-used.xbel
[2012-07-12 22:33:30 | 000,443,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-07-09 07:38:28 | 000,001,647 | ---- | M] () -- C:\Users\admin\Desktop\IrfanView Thumbnails.lnk
[2012-07-08 12:46:27 | 000,000,000 | ---- | M] () -- C:\Users\admin\Desktop\Nowy Obraz programu Photoshop.psd
[2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-07-01 19:26:00 | 002,015,846 | ---- | M] () -- C:\Users\admin\Documents\SAM_0998.jpg
[2012-06-30 16:26:15 | 000,009,289 | -HS- | M] () -- C:\Users\admin\Desktop\Folder.jpg
[2012-06-30 16:26:15 | 000,002,254 | -HS- | M] () -- C:\Users\admin\Desktop\AlbumArtSmall.jpg
[2012-06-25 20:48:10 | 000,067,156 | ---- | M] () -- C:\Users\admin\Documents\Zdjęcie0036.jpg
[2012-06-25 20:48:08 | 000,073,396 | ---- | M] () -- C:\Users\admin\Documents\Zdjęcie0035.jpg
[2012-06-25 20:48:07 | 000,060,638 | ---- | M] () -- C:\Users\admin\Documents\Zdjęcie0034.jpg
[2012-06-13 15:40:21 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-08 11:55:45 | 000,015,169 | ---- | C] () -- C:\Users\admin\Desktop\taskeng.jpg
[2012-08-08 11:55:36 | 000,014,478 | ---- | C] () -- C:\Users\admin\Desktop\ntvdm.jpg
[2012-08-07 23:10:19 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-07 21:27:47 | 000,129,802 | ---- | C] () -- C:\Users\admin\Documents\Frame#714 - XMoo-195 - normal.jpg
[2012-08-07 21:25:58 | 000,129,661 | ---- | C] () -- C:\Users\admin\Documents\P4100328(1).JPG
[2012-08-07 21:25:19 | 000,116,294 | ---- | C] () -- C:\Users\admin\Documents\P4100325(1).JPG
[2012-08-07 21:24:21 | 000,141,112 | ---- | C] () -- C:\Users\admin\Documents\P4100320(1).JPG
[2012-08-07 21:22:58 | 000,122,844 | ---- | C] () -- C:\Users\admin\Documents\P4100303(1).JPG
[2012-08-07 21:21:58 | 000,106,555 | ---- | C] () -- C:\Users\admin\Documents\P4100220(1).JPG
[2012-08-07 21:20:00 | 000,131,027 | ---- | C] () -- C:\Users\admin\Documents\P4100181(1).JPG
[2012-08-07 21:18:27 | 000,106,702 | ---- | C] () -- C:\Users\admin\Documents\P4100167.JPG
[2012-08-07 21:17:07 | 000,131,027 | ---- | C] () -- C:\Users\admin\Documents\P4100181.JPG
[2012-08-07 21:14:51 | 000,121,904 | ---- | C] () -- C:\Users\admin\Documents\P4100052(1).JPG
[2012-08-07 21:13:50 | 000,105,155 | ---- | C] () -- C:\Users\admin\Documents\P4100014(2).JPG
[2012-08-07 21:12:02 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\P4100014(1).JPG
[2012-08-07 21:12:01 | 000,083,770 | ---- | C] () -- C:\Users\admin\Documents\P4100033(2).JPG
[2012-08-07 21:10:58 | 000,092,928 | ---- | C] () -- C:\Users\admin\Documents\P4100013(2).JPG
[2012-08-07 21:10:25 | 000,099,764 | ---- | C] () -- C:\Users\admin\Documents\P4100012(1).JPG
[2012-08-07 21:09:23 | 000,150,187 | ---- | C] () -- C:\Users\admin\Documents\P4100007(1).JPG
[2012-08-06 21:19:00 | 000,133,915 | ---- | C] () -- C:\Users\admin\Documents\DSCF1252.jpg
[2012-08-06 21:18:03 | 000,155,379 | ---- | C] () -- C:\Users\admin\Documents\DSCF1251.jpg
[2012-08-06 21:17:55 | 000,121,774 | ---- | C] () -- C:\Users\admin\Documents\DSCF1230.jpg
[2012-08-06 21:17:13 | 000,127,740 | ---- | C] () -- C:\Users\admin\Documents\DSCF1229.jpg
[2012-08-06 21:16:09 | 000,124,890 | ---- | C] () -- C:\Users\admin\Documents\DSCF1228.jpg
[2012-08-06 21:14:17 | 000,224,240 | ---- | C] () -- C:\Users\admin\Documents\DSCF1226.jpg
[2012-08-06 21:13:23 | 000,146,720 | ---- | C] () -- C:\Users\admin\Documents\DSCF1224.jpg
[2012-08-06 21:12:33 | 000,128,836 | ---- | C] () -- C:\Users\admin\Documents\DSCF1223.jpg
[2012-08-06 21:10:37 | 002,700,379 | ---- | C] () -- C:\Users\admin\Documents\DSCF1215.jpg
[2012-08-06 21:10:12 | 000,141,745 | ---- | C] () -- C:\Users\admin\Documents\DSCF1214.jpg
[2012-08-06 21:09:33 | 000,128,635 | ---- | C] () -- C:\Users\admin\Documents\DSCF1213.jpg
[2012-08-06 21:09:09 | 000,155,993 | ---- | C] () -- C:\Users\admin\Documents\DSCF1212.jpg
[2012-08-06 21:08:40 | 000,145,988 | ---- | C] () -- C:\Users\admin\Documents\DSCF1198.jpg
[2012-08-06 21:08:05 | 000,141,236 | ---- | C] () -- C:\Users\admin\Documents\DSCF1185.jpg
[2012-08-06 21:07:30 | 000,141,210 | ---- | C] () -- C:\Users\admin\Documents\DSCF1184.jpg
[2012-08-06 21:06:45 | 000,146,305 | ---- | C] () -- C:\Users\admin\Documents\DSCF1174.jpg
[2012-08-06 21:04:33 | 000,149,929 | ---- | C] () -- C:\Users\admin\Documents\DSCF1173.jpg
[2012-08-06 21:03:47 | 000,179,545 | ---- | C] () -- C:\Users\admin\Documents\DSCF1169.jpg
[2012-08-06 21:03:11 | 000,217,438 | ---- | C] () -- C:\Users\admin\Documents\DSCF1165.jpg
[2012-08-06 21:02:32 | 000,213,713 | ---- | C] () -- C:\Users\admin\Documents\DSCF1161.jpg
[2012-08-06 21:01:34 | 000,161,173 | ---- | C] () -- C:\Users\admin\Documents\DSCF1154.jpg
[2012-08-06 20:59:54 | 000,153,981 | ---- | C] () -- C:\Users\admin\Documents\DSCF1153.jpg
[2012-08-06 20:46:45 | 000,149,191 | ---- | C] () -- C:\Users\admin\Documents\SAM_0476(1).JPG
[2012-08-06 20:46:02 | 000,147,483 | ---- | C] () -- C:\Users\admin\Documents\SAM_0503(1).JPG
[2012-08-06 20:45:28 | 000,137,826 | ---- | C] () -- C:\Users\admin\Documents\SAM_0496(1).JPG
[2012-08-06 20:44:39 | 000,141,801 | ---- | C] () -- C:\Users\admin\Documents\SAM_0498(1).JPG
[2012-08-06 20:43:36 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\SAM_0496.JPG
[2012-08-06 20:43:35 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\SAM_0498.JPG
[2012-08-06 20:43:33 | 000,147,483 | ---- | C] () -- C:\Users\admin\Documents\SAM_0503.JPG
[2012-08-06 20:43:17 | 000,149,191 | ---- | C] () -- C:\Users\admin\Documents\SAM_0476.JPG
[2012-08-06 20:42:43 | 000,137,639 | ---- | C] () -- C:\Users\admin\Documents\SAM_0475.JPG
[2012-08-06 20:36:21 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\SAM_0070.JPG
[2012-08-06 20:36:20 | 000,000,000 | ---- | C] () -- C:\Users\admin\Documents\SAM_0064.JPG
[2012-08-06 20:36:19 | 000,218,088 | ---- | C] () -- C:\Users\admin\Documents\SAM_0066.JPG
[2012-08-06 20:35:46 | 000,176,205 | ---- | C] () -- C:\Users\admin\Documents\SAM_0062.JPG
[2012-08-06 20:35:36 | 000,155,906 | ---- | C] () -- C:\Users\admin\Documents\SAM_0042.JPG
[2012-08-06 20:35:02 | 000,158,257 | ---- | C] () -- C:\Users\admin\Documents\SAM_0041.JPG
[2012-08-06 20:23:28 | 000,119,851 | ---- | C] () -- C:\Users\admin\Documents\S5001782.JPG
[2012-08-06 20:22:38 | 000,100,328 | ---- | C] () -- C:\Users\admin\Documents\P1010744.JPG
[2012-08-06 20:21:21 | 000,124,110 | ---- | C] () -- C:\Users\admin\Documents\P1010743.JPG
[2012-08-06 20:20:42 | 000,137,010 | ---- | C] () -- C:\Users\admin\Documents\P1010711.JPG
[2012-08-06 20:19:33 | 000,108,905 | ---- | C] () -- C:\Users\admin\Documents\P1010705.JPG
[2012-08-06 20:18:37 | 000,200,283 | ---- | C] () -- C:\Users\admin\Documents\P1010702.JPG
[2012-08-06 20:17:39 | 000,166,124 | ---- | C] () -- C:\Users\admin\Documents\P1010693.JPG
[2012-08-06 20:16:58 | 000,108,277 | ---- | C] () -- C:\Users\admin\Documents\P1010680.JPG
[2012-08-06 20:16:05 | 000,094,489 | ---- | C] () -- C:\Users\admin\Documents\P1010665.JPG
[2012-08-06 20:15:10 | 000,081,174 | ---- | C] () -- C:\Users\admin\Documents\P1010635.JPG
[2012-08-06 20:12:59 | 000,158,591 | ---- | C] () -- C:\Users\admin\Documents\P1010634.JPG
[2012-08-06 20:11:55 | 000,099,936 | ---- | C] () -- C:\Users\admin\Documents\P1010605.JPG
[2012-08-06 20:11:05 | 000,079,223 | ---- | C] () -- C:\Users\admin\Documents\P1010602.JPG
[2012-08-06 20:08:38 | 000,114,510 | ---- | C] () -- C:\Users\admin\Documents\P1010599.JPG
[2012-08-06 20:07:24 | 000,149,293 | ---- | C] () -- C:\Users\admin\Documents\P1010596.JPG
[2012-08-06 20:06:25 | 000,120,582 | ---- | C] () -- C:\Users\admin\Documents\P1010591.JPG
[2012-08-06 20:05:21 | 000,135,944 | ---- | C] () -- C:\Users\admin\Documents\P1010590.JPG
[2012-08-06 20:04:36 | 000,104,029 | ---- | C] () -- C:\Users\admin\Documents\P1010587.JPG
[2012-08-02 21:32:31 | 000,012,189 | ---- | C] () -- C:\Users\admin\Desktop\stół3.jpg
[2012-08-02 21:32:10 | 000,011,671 | ---- | C] () -- C:\Users\admin\Desktop\stół2.jpg
[2012-08-02 21:31:44 | 000,012,443 | ---- | C] () -- C:\Users\admin\Desktop\stół.jpg
[2012-07-13 15:31:13 | 000,009,201 | ---- | C] () -- C:\Users\admin\.recently-used.xbel
[2012-07-09 07:38:28 | 000,001,647 | ---- | C] () -- C:\Users\admin\Desktop\IrfanView Thumbnails.lnk
[2012-07-08 12:46:27 | 000,000,000 | ---- | C] () -- C:\Users\admin\Desktop\Nowy Obraz programu Photoshop.psd
[2012-07-01 19:26:00 | 002,015,846 | ---- | C] () -- C:\Users\admin\Documents\SAM_0998.jpg
[2012-06-30 16:26:15 | 000,009,289 | -HS- | C] () -- C:\Users\admin\Desktop\Folder.jpg
[2012-06-30 16:26:15 | 000,002,254 | -HS- | C] () -- C:\Users\admin\Desktop\AlbumArtSmall.jpg
[2012-06-25 21:54:01 | 103,666,092 | ---- | C] () -- C:\Users\admin\Documents\MOV009.3gp
[2012-06-25 20:47:39 | 000,067,156 | ---- | C] () -- C:\Users\admin\Documents\Zdjęcie0036.jpg
[2012-06-25 20:47:36 | 000,073,396 | ---- | C] () -- C:\Users\admin\Documents\Zdjęcie0035.jpg
[2012-06-25 20:47:34 | 000,060,638 | ---- | C] () -- C:\Users\admin\Documents\Zdjęcie0034.jpg
[2012-03-14 08:42:57 | 000,000,048 | ---- | C] () -- C:\Users\admin\AppData\Local\ADMIN-PC.cfg
[2012-01-19 14:40:52 | 000,000,565 | ---- | C] () -- C:\Windows\Spidey.ini
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-02-14 22:25:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-02-14 22:25:09 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-02-14 22:25:09 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-02-14 22:25:09 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-02-14 20:04:44 | 000,105,760 | ---- | C] () -- C:\Windows\os4.exe
[2011-02-14 20:04:43 | 000,059,904 | ---- | C] () -- C:\Windows\zlib1.dll
[2011-02-14 20:04:43 | 000,000,322 | ---- | C] () -- C:\Windows\Last.dat
[2011-02-14 20:04:43 | 000,000,031 | ---- | C] () -- C:\Windows\memlist.dat
[2011-02-14 20:04:43 | 000,000,009 | ---- | C] () -- C:\Windows\Language.dat
[2011-02-14 20:04:43 | 000,000,004 | ---- | C] () -- C:\Windows\test.dat
[2011-01-16 19:02:25 | 000,005,009 | ---- | C] () -- C:\ProgramData\surkpqid.bdr
[2010-11-13 12:40:18 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009-08-23 18:41:58 | 000,092,312 | ---- | C] () -- C:\Users\admin\1251045718-oem25.PNF
[2009-08-23 18:41:58 | 000,048,144 | ---- | C] () -- C:\Users\admin\1251045718-oem25.inf
[2009-08-23 18:15:02 | 000,018,104 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia
[2009-08-23 18:15:02 | 000,016,524 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (3)
[2009-08-23 18:15:02 | 000,008,888 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (5)
[2009-08-23 18:15:02 | 000,008,400 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (7)
[2009-08-23 18:15:02 | 000,006,989 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (4)
[2009-08-23 18:15:02 | 000,006,947 | ---- | C] () -- C:\Users\admin\1251044102-(null)
[2009-08-23 18:15:02 | 000,005,877 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (2)
[2009-08-23 18:15:02 | 000,004,477 | ---- | C] () -- C:\Users\admin\1251044102-(null) - Kopia (6)
[2009-08-23 18:06:58 | 000,098,320 | ---- | C] () -- C:\Users\admin\1251043618-oem24.PNF
[2009-08-23 18:06:58 | 000,052,503 | ---- | C] () -- C:\Users\admin\1251043618-oem24.inf
[2009-04-27 19:49:21 | 000,000,027 | ---- | C] () -- C:\Users\admin\.gtk-bookmarks
[2009-01-18 22:16:57 | 000,011,168 | -H-- | C] () -- C:\ProgramData\tamezimu
[2008-10-13 20:10:23 | 000,000,511 | ---- | C] () -- C:\Users\admin\560.bat
[2008-10-13 18:43:36 | 000,000,511 | ---- | C] () -- C:\Users\admin\878.bat
[2008-10-13 16:15:30 | 000,000,511 | ---- | C] () -- C:\Users\admin\408.bat
[2008-10-13 16:06:15 | 000,000,511 | ---- | C] () -- C:\Users\admin\106.bat
[2008-10-13 16:02:22 | 000,000,511 | ---- | C] () -- C:\Users\admin\287.bat
[2008-10-13 16:01:46 | 000,000,068 | ---- | C] () -- C:\Users\admin\z.bat
[2008-10-13 16:01:44 | 000,045,568 | ---- | C] () -- C:\Users\admin\index.exe
[2008-07-12 00:05:34 | 000,009,913 | ---- | C] () -- C:\Users\admin\MCCI_MDM.INF
[2008-07-12 00:05:34 | 000,006,989 | ---- | C] () -- C:\Users\admin\MCCI_BUS.INF
[2008-07-12 00:05:34 | 000,004,477 | ---- | C] () -- C:\Users\admin\MCCI_SDM.INF
[2008-07-12 00:05:32 | 000,018,104 | ---- | C] () -- C:\Users\admin\1215813932-(null) - Kopia
[2008-07-12 00:05:32 | 000,016,524 | ---- | C] () -- C:\Users\admin\1215813932-(null) - Kopia (3)
[2008-07-12 00:05:32 | 000,006,947 | ---- | C] () -- C:\Users\admin\1215813932-(null)
[2008-07-12 00:05:32 | 000,005,877 | ---- | C] () -- C:\Users\admin\1215813932-(null) - Kopia (2)
[2008-07-11 23:29:14 | 000,009,232 | ---- | C] () -- C:\Users\admin\USB_MOT_BRIT.INF
[2008-07-11 23:29:14 | 000,006,947 | ---- | C] () -- C:\Users\admin\USBMOT2000.INF
[2008-07-11 23:29:14 | 000,006,009 | ---- | C] () -- C:\Users\admin\USBMOT2000XP.INF
[2008-07-11 23:29:14 | 000,005,877 | ---- | C] () -- C:\Users\admin\USB_CMCS_2000.INF
[2008-07-11 23:29:14 | 000,005,813 | ---- | C] () -- C:\Users\admin\USB_MOT_A1000.INF
[2008-06-28 13:30:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-06-28 11:38:19 | 000,083,456 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-06-26 11:58:34 | 000,008,268 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat

[color=#E56717]========== LOP Check ==========[/color]

[2010-05-12 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.citra
[2011-08-26 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2011-06-11 13:38:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.oit
[2009-10-21 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ancient Quest of Saqqarah__cminion
[2012-05-14 08:57:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BESTplayer
[2009-06-14 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Blender Foundation
[2011-11-16 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Complitly
[2010-12-21 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CoSoSys
[2008-11-17 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools
[2012-04-06 15:44:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2012-04-06 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010-11-20 14:38:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Electronic Arts
[2012-06-07 22:30:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gadu-Gadu 10
[2011-06-24 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameTuts
[2011-07-15 16:16:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2012-07-13 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2010-07-10 10:29:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hardcore
[2012-02-11 00:06:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Image-Line
[2009-02-27 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InterTrust
[2010-05-22 08:17:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ipla
[2012-07-01 19:22:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2008-07-04 23:21:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2010-08-09 11:37:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mael
[2010-07-18 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MAGIX
[2011-01-16 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MOVAVI
[2011-01-16 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Movavi Video Editor 6 SE
[2012-08-07 19:03:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mp3tag
[2011-05-05 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Need for Speed World
[2010-03-12 14:31:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nokia
[2009-08-22 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nowe Gadu-Gadu
[2009-12-13 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenFM
[2010-07-01 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PC Suite
[2008-07-08 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
[2012-03-04 11:53:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ProtectDISC
[2009-11-21 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2010-07-30 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Samsung
[2010-11-13 12:30:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ScanSoft
[2010-01-03 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2011-04-18 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\sqlitestudio
[2010-07-21 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SynthMaker
[2008-12-17 18:31:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ubi.com
[2010-06-28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2012-07-15 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2010-02-25 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinAVI
[2008-10-17 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WoDBO
[2011-10-13 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\XnView
[2012-08-08 11:26:38 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2012-08-08 07:32:54 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008-06-29 20:03:55 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-30 22:23:44 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012-02-21 19:52:05 | 000,000,005 | ---- | M] () -- C:\BIOSDATE.TXT
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008-06-26 18:50:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008-06-26 12:02:12 | 000,000,206 | ---- | M] () -- C:\csb.log
[2008-07-12 00:05:27 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2008-08-23 12:54:28 | 000,000,032 | ---- | M] () -- C:\Ic.Inf
[2008-10-13 15:41:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-08-23 12:54:28 | 000,000,322 | ---- | M] () -- C:\Last.dat
[2008-08-23 12:54:28 | 000,000,003 | ---- | M] () -- C:\memlist.dat
[2008-10-13 15:41:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-08-08 11:26:26 | 2459,779,072 | -HS- | M] () -- C:\pagefile.sys
[2012-02-21 19:52:05 | 000,000,003 | ---- | M] () -- C:\PRODUCT.TXT
[2012-02-21 19:52:05 | 000,000,005 | ---- | M] () -- C:\READ.TXT
[2008-06-26 12:02:12 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2012-02-21 19:52:05 | 000,000,005 | ---- | M] () -- C:\SPEC.TXT
[2008-08-23 12:54:27 | 000,000,004 | ---- | M] () -- C:\test.dat

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-07-04 10:17:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-07-04 10:17:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008-07-04 10:17:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> C:\Users\admin\Documents\MOV009.3gp:TOC.WMV
@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >

[/log]
[log]
OTL Extras logfile created on: 2012-08-08 12:03:25 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 26,54% Memory free
4,23 Gb Paging File | 2,38 Gb Available in Paging File | 56,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,56 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
Drive D: | 190,43 Gb Total Space | 167,54 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive E: | 177,67 Gb Total Space | 124,58 Gb Free Space | 70,12% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox v6\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46850CD9-8E1F-4D51-9461-151CEC661EA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A03AA681-2E41-4751-9130-88084B6650C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117F11B6-C8B9-497D-886B-5E06C8502801}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{158BFB83-4666-4916-A691-B44DCFC92C18}" = protocol=6 | dir=in | app=c:\users\admin\desktop\videoconvertersetup.exe |
"{1886CCB0-40A5-404E-99E9-498C38896774}" = protocol=17 | dir=in | app=e:\gry1\klub socjalny\rockstar games social club\rgsclauncher.exe |
"{1CAE5467-4E87-4854-81FE-5EEDF48D3215}" = protocol=6 | dir=in | app=e:\gry1\klub socjalny\rockstar games social club\rgsclauncher.exe |
"{241F3794-0B94-4B4C-A9C9-D92B138C1C44}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{24A6E797-8E4D-401F-96E8-779EFF9D71C8}" = protocol=6 | dir=in | app=d:\michal\gry\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{26FC084F-F711-4DC9-967B-745BE27B127C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28115293-B96E-4417-9C15-1E53CCA47E96}" = protocol=17 | dir=in | app=c:\users\admin\desktop\videoconvertersetup.exe |
"{3F5C5B7D-F440-4F57-B2A1-379FFEDA4A40}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{453C79B5-DF4A-4F0F-A1B9-00ADF3E839BC}" = protocol=6 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{4CA86D2A-19E0-4999-96CC-F826E3E34F9F}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{5A3659B3-489B-48A4-8DFE-BA99C93E62EC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{731BB097-E1D5-43E5-8A4D-E0A7C3959ED8}" = protocol=17 | dir=in | app=d:\michal\gry\swat 4\contentexpansion\system\swat4xdedicatedserver.exe |
"{8201E5E5-87BB-40D2-95F9-A62975FDBAA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E05BEB3-E2AA-4007-BAF2-1FB468304804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E3B977D-BF2A-4FAC-8E3C-AA514BF6964B}" = protocol=6 | dir=in | app=e:\gry1\gta iv\grand theft auto iv\launchgtaiv.exe |
"{907F42FA-18DA-4256-BE4B-AB02105733A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9868DB1F-6745-443E-8A9D-AD18C2A73F82}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A981F4FE-61BD-467A-A341-1131A7545193}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{AAA21CA5-97CC-423B-B6AE-22D912A1827C}" = protocol=6 | dir=in | app=d:\michal\gry\swat 4\contentexpansion\system\swat4x.exe |
"{AF831EFF-F10A-4422-8F69-A492E5B22F71}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B1E8B10F-404A-4593-BEFA-370DC6B7CAF9}" = protocol=17 | dir=in | app=e:\gry1\gta iv\grand theft auto iv\launchgtaiv.exe |
"{C303F921-0617-4507-BB93-60B08340F332}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DBEE60D1-0570-4CDC-98CE-D183D057558C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{E2FCBC28-BACE-41E5-B13E-BE967699A9A5}" = protocol=17 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{F6CAE65F-79AF-49B3-AEF7-AE2A056ACCCB}" = protocol=17 | dir=in | app=d:\michal\gry\swat 4\contentexpansion\system\swat4x.exe |
"TCP Query User{002FD866-0D70-41E7-B92F-B06F56C72C0E}E:\berszar\bir szare\bearshare.exe" = protocol=6 | dir=in | app=e:\berszar\bir szare\bearshare.exe |
"TCP Query User{00C29205-E7AC-419C-A92C-B45DF2F5DF65}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{09364F3F-73C7-4609-A36B-185E472D3814}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{0CCBB24A-2645-4218-8F5C-FE65D7875E3D}D:\michal\gry\swat4\content\system\swat4dedicatedserver.exe" = protocol=6 | dir=in | app=d:\michal\gry\swat4\content\system\swat4dedicatedserver.exe |
"TCP Query User{110E49C2-26B9-48E3-846B-12D2CEFE273D}E:\gry1\heroes\h3wog.exe" = protocol=6 | dir=in | app=e:\gry1\heroes\h3wog.exe |
"TCP Query User{18352441-2967-4DA0-8177-C026A42679AB}C:\program files\valve\hlds.exe" = protocol=6 | dir=in | app=c:\program files\valve\hlds.exe |
"TCP Query User{1EB24C5D-0DC7-40CD-9D79-AE201D530E33}C:\users\admin\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\utorrent.exe |
"TCP Query User{21C2451C-0CE3-4BA8-83E3-BEDD728E4ED2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{276574F1-5543-442F-98C6-FFC9896D1120}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{5CEC3A69-2067-49DD-8520-1E6913134488}C:\program files\wolfquest\wolfquest.exe" = protocol=6 | dir=in | app=c:\program files\wolfquest\wolfquest.exe |
"TCP Query User{5ED57D12-7619-4F7D-8AB5-56A63D6C3226}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{60483879-C132-428E-8336-71C14EF42840}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{61EE1B7F-EB95-42E7-9264-48108BA01738}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6626E308-A710-4557-B0AE-35E7780224C9}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{6B6DA561-D9A7-404C-A32B-FC0BB8F97250}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{6D731DBA-4BBB-4E15-9237-AD441872FB67}E:\gry1\heroes\heroes33.exe" = protocol=6 | dir=in | app=e:\gry1\heroes\heroes33.exe |
"TCP Query User{74C46A06-5898-4605-B656-D4B9C14F291B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{784AFEFF-FB9E-42D1-BE3C-C0F8EE9B2DB5}E:\fifa11\game\fifa.exe" = protocol=6 | dir=in | app=e:\fifa11\game\fifa.exe |
"TCP Query User{8BAF8AD6-CDC3-47E9-95FC-A5B41ED8B8FF}C:\users\admin\desktop\król michał-nieupoważnionym wstęp wzbroniony!\real server 2.2.5 (8.54-8.57) - xtibia.com\real-server.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\król michał-nieupoważnionym wstęp wzbroniony!\real server 2.2.5 (8.54-8.57) - xtibia.com\real-server.exe |
"TCP Query User{9E2630E9-3D11-4D35-90AA-97CE8B04EF0F}D:\michal\gry\swat4\content\system\swat4.exe" = protocol=6 | dir=in | app=d:\michal\gry\swat4\content\system\swat4.exe |
"TCP Query User{A459C86B-77F5-4A49-9B31-F243567FF959}E:\gry\gry1\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gry\gry1\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{A8D26BF7-CF01-40E0-89D8-258F7D128B0E}D:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=d:\program files\bearshare\bearshare.exe |
"TCP Query User{AFFE753A-DB05-42CC-8862-C807CC213F8D}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{B33C3C4E-35DA-4E8E-854A-5B17424A12C3}C:\users\admin\desktop\loozikots\loozikots.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\loozikots\loozikots.exe |
"TCP Query User{B6ACF436-3A3D-43E6-90EE-5CED61834786}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{BA258FC6-0F20-4EC8-BAAB-975E22B0C772}E:\gry1\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gry1\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{BEC5D84E-4DE9-440A-AB2A-A0FB100A0A9D}D:\bearshare\bearshare.exe" = protocol=6 | dir=in | app=d:\bearshare\bearshare.exe |
"TCP Query User{C2B40BEC-9AFF-4892-A0E7-CACD3E20A306}E:\gry1\heroes\heroes3.exe" = protocol=6 | dir=in | app=e:\gry1\heroes\heroes3.exe |
"TCP Query User{C7553CA5-FF1E-4CFF-8146-9453B9342EEC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C7C0FD1B-09D2-4595-A8EF-F06A73CD8A47}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{D2CDCD4D-8789-42A9-BBC2-EC3B48BD72B9}E:\gry\crysis\bin32\crysis2.exe" = protocol=6 | dir=in | app=e:\gry\crysis\bin32\crysis2.exe |
"TCP Query User{E75C9A3F-0CF5-4D9D-B183-D3A913EFDA24}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{F27D23C0-CE40-489D-87B1-D4B0F4FDD9BC}D:\leszek\screamer radio\screamer.exe" = protocol=6 | dir=in | app=d:\leszek\screamer radio\screamer.exe |
"TCP Query User{F6B08FAB-793B-42F7-87FA-641693288C3D}C:\users\admin\appdata\local\temp\rar$ex01.631\silnik 8.4\the forgotten server.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\rar$ex01.631\silnik 8.4\the forgotten server.exe |
"UDP Query User{05A3A99A-902F-4649-B587-7C312CF4AAF5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1AA12033-1F0D-442E-A6A1-2DD5372AAB3C}D:\bearshare\bearshare.exe" = protocol=17 | dir=in | app=d:\bearshare\bearshare.exe |
"UDP Query User{1B419B6B-8680-49A1-9976-CE015B394C48}C:\program files\valve\hlds.exe" = protocol=17 | dir=in | app=c:\program files\valve\hlds.exe |
"UDP Query User{1C9B5E5B-B5C3-461B-85E6-2654E269769C}E:\gry1\heroes\heroes33.exe" = protocol=17 | dir=in | app=e:\gry1\heroes\heroes33.exe |
"UDP Query User{1F6B4503-7A9B-4A6C-B74D-F9C2043F913D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{201FEE5C-D8EE-4CF6-ADAF-5AECCE048568}D:\michal\gry\swat4\content\system\swat4dedicatedserver.exe" = protocol=17 | dir=in | app=d:\michal\gry\swat4\content\system\swat4dedicatedserver.exe |
"UDP Query User{2AA64674-7A44-41B6-B7E3-C41D3A25AE30}D:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=d:\program files\bearshare\bearshare.exe |
"UDP Query User{3038BFDB-FDD2-4B16-8B5F-156A177052CE}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{317FBFA0-5BAE-439E-9D6B-18341403E74A}C:\users\admin\appdata\local\temp\rar$ex01.631\silnik 8.4\the forgotten server.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\rar$ex01.631\silnik 8.4\the forgotten server.exe |
"UDP Query User{3DB7583F-5FB7-41B9-BA85-042E057313E7}C:\program files\wolfquest\wolfquest.exe" = protocol=17 | dir=in | app=c:\program files\wolfquest\wolfquest.exe |
"UDP Query User{49DC9D01-6CD4-4CB9-863A-EA63B42F6C62}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4B8FCC74-87B1-46E2-8110-E758A6C7BFE2}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{4BD2482F-EF52-4898-863F-CA3E26856AFE}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{540BEE9C-627A-4CE3-AF5D-48964AA6E38C}E:\gry1\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gry1\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{5B402B72-FAC9-44C9-863D-36A4A33E196E}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{600ADC7A-B9DC-433E-837D-D31D36D4FB6C}E:\gry\gry1\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gry\gry1\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{61A70741-5B61-464C-BC94-F9CF38614DBD}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{64A032D8-18AC-4235-8B5F-56EEE2F8EFA2}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{72141D0F-D1C3-4456-9D34-60E5CF41B88F}E:\berszar\bir szare\bearshare.exe" = protocol=17 | dir=in | app=e:\berszar\bir szare\bearshare.exe |
"UDP Query User{72B0E7B3-A643-4885-A62C-BF423A9BAD7F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{76A97CB8-6538-43E0-8495-FC6A6ABE9ABB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{820B069D-7313-4418-A481-6E9702C0B5B2}D:\michal\gry\swat4\content\system\swat4.exe" = protocol=17 | dir=in | app=d:\michal\gry\swat4\content\system\swat4.exe |
"UDP Query User{82688782-B11A-4D1B-BC4F-5C96B5545A12}C:\users\admin\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\utorrent.exe |
"UDP Query User{87AB2CD9-6509-4680-A8A9-1F0EBEC464E1}D:\leszek\screamer radio\screamer.exe" = protocol=17 | dir=in | app=d:\leszek\screamer radio\screamer.exe |
"UDP Query User{8F352D0C-ACE0-49B5-8628-725D432E96A9}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{95977C8D-3082-435C-A61C-660F4D6FE11A}E:\gry\crysis\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\gry\crysis\bin32\crysis2.exe |
"UDP Query User{95CA60EB-F2D4-4476-82B8-06545F6BB038}C:\users\admin\desktop\król michał-nieupoważnionym wstęp wzbroniony!\real server 2.2.5 (8.54-8.57) - xtibia.com\real-server.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\król michał-nieupoważnionym wstęp wzbroniony!\real server 2.2.5 (8.54-8.57) - xtibia.com\real-server.exe |
"UDP Query User{9D75F125-5B61-4806-8C24-AC57E6CBC63E}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{A37E2EA3-FB08-4671-90F6-A3CAA6DBAC91}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{AB0EB5F2-B518-49D9-84D5-97669531B61C}E:\gry1\heroes\h3wog.exe" = protocol=17 | dir=in | app=e:\gry1\heroes\h3wog.exe |
"UDP Query User{BA70F519-2F6F-4739-A627-58A8D6CC33FE}E:\fifa11\game\fifa.exe" = protocol=17 | dir=in | app=e:\fifa11\game\fifa.exe |
"UDP Query User{D3EADBE2-90AF-426E-B89F-01AC5A030505}E:\gry1\heroes\heroes3.exe" = protocol=17 | dir=in | app=e:\gry1\heroes\heroes3.exe |
"UDP Query User{D7220EE2-F336-4599-A4D1-FC32599BD365}C:\users\admin\desktop\loozikots\loozikots.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\loozikots\loozikots.exe |
"UDP Query User{F16DDDF7-56CD-49F3-BC38-1F0DDF403436}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A795E81-7E99-4574-923D-8A0AF1F11CA1}" = ScanSoft PaperPort 11
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Dogz 5
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A6A6531-08FC-47AD-BAC4-C41497E71045}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5852AC18-76CA-45FB-A742-96BA8CF1B5BF}" = Petz 5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A861C55A-0F15-4CF8-8034-ABCD3884276C}" = Movavi Video Editor 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0 CE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASIO4ALL" = ASIO4ALL
"BearShare MediaBar" = MediaBar 2.0
"Codec_is1" = Codec 8.3e
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"DDS Converter 2.1" = DDS Converter 2.1
"Digital Camera Driver" = Digital Camera Driver
"Drumaxx" = Drumaxx
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Fraps" = Fraps
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.24.426
"Free Video to Nokia Phones Converter_is1" = Free Video to Nokia Phones Converter version 2.3.4.920
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.9.221
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.14.1206
"FX - Video Converter" = FoxTab Video Converter (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"Hamachi" = Hamachi 1.0.3.0
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM)
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"InstallShield_{5852AC18-76CA-45FB-A742-96BA8CF1B5BF}" = Dogz 5
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Photo Manager 8 UK" = MAGIX Photo Manager 8
"MAGIX Screenshare PL" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"MAGIX Zdjecia na CD & DVD 8 PL" = MAGIX Zdjecia na CD & DVD 8 8.0.3.4 (PL)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0.2 (x86 pl)" = Mozilla Firefox 6.0.2 (x86 pl)
"Mp3tag" = Mp3tag v2.51
"Mufin MusicFinder Base UK" = Mufin MusicFinder Base 1.5.3.247 (UK)
"Niezbędnik CD_is1" = Niezbędnik CD
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer
"Sakura" = Sakura
"Sawer" = Sawer
"Swat Downloader2.4" = Swat Downloader
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Wielka Tajemnica Azteków_is1" = Wielka Tajemnica Azteków
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3049995181-2426156244-432367948-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = APN Updater
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 5.01
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.0.0
"Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl)
"Power Loader" = Power Challenge Game Plugin
"S.E.P 3" = S.E.P 3
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-07 06:24:17 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2012-07-07 06:24:17 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2012-07-07 13:16:20 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd fifa.exe, wersja 1.0.0.0, sygnatura czasowa
0x4c8a90dc, moduł powodujący błąd msvcrt.dll, wersja 7.0.6002.18551, sygnatura
czasowa 0x4ee8cc5a, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000a3da, identyfikator
procesu 0x94c, godzina rozpoczęcia aplikacji 0x01cd5c61afb97920.

Error - 2012-07-08 15:38:00 | Computer Name = admin-PC | Source = Picasa | ID = 1
Description =

Error - 2012-07-09 10:04:33 | Computer Name = admin-PC | Source = VSS | ID = 8194
Description =

Error - 2012-07-09 10:05:53 | Computer Name = admin-PC | Source = VSS | ID = 8194
Description =

Error - 2012-07-14 17:25:31 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gg.exe, wersja 10.5.2.13164, sygnatura czasowa
0x4e11fbd9, moduł powodujący błąd gg.exe, wersja 10.5.2.13164, sygnatura czasowa
0x4e11fbd9, kod wyjątku 0xc0000005, przesunięcie błędu 0x001a4cc0, identyfikator
procesu 0xa90, godzina rozpoczęcia aplikacji 0x01cd62071717fc6f.

Error - 2012-07-26 19:27:35 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
raportami i rozwiązaniami problemów. Identyfikator procesu: 7cc Godzina rozpoczęcia:
01cd6b7425f1920f Godzina zakończenia: 60000

Error - 2012-07-29 13:29:05 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mpc-hc.exe, wersja 1.4.2764.0, sygnatura
czasowa 0x4d03c4f2, moduł powodujący błąd nvd3dum.dll, wersja 7.15.11.5836, sygnatura
czasowa 0x46707a73, kod wyjątku 0xc0000005, przesunięcie błędu 0x00006915, identyfikator
procesu 0x14dc, godzina rozpoczęcia aplikacji 0x01cd6dafa4b39550.

Error - 2012-08-07 18:21:14 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6002.18005, sygnatura
czasowa 0x49e01da5, moduł powodujący błąd Trshlex.dll_unloaded, wersja 0.0.0.0,
sygnatura czasowa 0x4a86f46b, kod wyjątku 0xc0000005, przesunięcie błędu 0x093829f0,
identyfikator
procesu 0x7d0, godzina rozpoczęcia aplikacji 0x01cd74bf4b21834d.

[ System Events ]
Error - 2012-08-05 14:23:27 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-06 14:02:17 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-06 14:02:17 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-07 13:03:54 | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-08-07 14:02:18 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-07 14:02:18 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-07 18:21:03 | Computer Name = admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = Produkt %%860 napotkał błąd podczas próby aktualizacji podpisów. Nowa
wersja podpisu: Poprzednia wersja podpisu: 1.131.1547.0 Źródło aktualizacji: %%859

Etap
aktualizacji: %%853 Ścieżka źródła: http://www.microsoft.com Typ podpisu: %%800 Typ
aktualizacji: %%803 Użytkownik: ZARZĄDZANIE NT\SYSTEM Bieżąca wersja aparatu: Poprzednia
wersja aparatu: 1.1.8601.0 Kod błędu: 0x800704c7 Opis błędu: Operacja została anulowana
przez użytkownika.

Error - 2012-08-08 05:49:07 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-08 05:49:12 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-08 06:06:26 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2012-08-08 06:06:26 | Computer Name = admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

[/log]

komputerowiec19
comment

Uninstall:
[quote]
Google Toolbar for Internet Explorer
DVDVideoSoftTB Toolbar
Spybot - Search & Destroy
Hyperionics DB Toolbar
facemoods Toolbar
Conduit Engine
Ask Toolbar
[/quote]

Use AdwCleaner -> [url="http://general-changelog-team.fr/en/tools/15-adwcleaner"]http://general-chang...s/15-adwcleaner[/url] (download it to the Desktop and click Delete in it).
Post its report: C:\AdwCleaner[S1].txt

Run OTL and paste the following into the (Custom Scans/Fixes) section:

[quote]
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- D:\Anti Trojan Elite\ATEPMon.sys -- (ATE_PROCMON)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab4369aa)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://start.facemoo...earchTerms}&f=4"]http://start.facemoo...earchTerms}&f=4[/url]
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.condui...&ctid=CT2269050"]http://search.condui...&ctid=CT2269050[/url]
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = [url="http://start.facemoo...earchTerms}&f=4"]http://start.facemoo...earchTerms}&f=4[/url]
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = [url="http://search.bearsh...q={searchTerms}"]http://search.bearsh...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = [url="http://www.daemon-se...q={searchTerms}"]http://www.daemon-se...q={searchTerms}[/url]
IE - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
[2012-08-03 08:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions
[2011-11-16 20:23:10 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011-08-12 19:34:21 | 000,000,000 | ---D | M] (Hyperionics DB Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012-06-27 14:17:20 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012-07-17 20:19:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-04-01 17:03:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\engine@conduit.com
[2012-08-03 08:44:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\y3l4hze7.default\extensions\toolbar@ask.com
[2012-08-03 08:48:01 | 000,002,299 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3l4hze7.default\searchplugins\askcom.xml
[2010-06-25 15:04:19 | 000,000,873 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3l4hze7.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll File not found
O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll File not found
O3 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BearShare] "E:\berszar\bir szare\BearShare.exe" /pause File not found
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM File not found
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe File not found
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-3049995181-2426156244-432367948-1000..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniSpiker-2.6.lnk = C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{63e179a0-baad-11e0-b105-001d7dc22191}\Shell - "" = AutoRun
O33 - MountPoints2\{63e179a0-baad-11e0-b105-001d7dc22191}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\{db428ab1-dbea-11dd-af03-001d7dc22191}\Shell\Auto\command - "" = PegeFile.pif
O33 - MountPoints2\{db428ab1-dbea-11dd-af03-001d7dc22191}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell\AutoRun\command - "" = H:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{f8e4b756-b4bd-11dd-ae94-001d7dc22191}\Shell\readme\command - "" = notepad czytajto.txt
MsConfig - StartUpReg: Anti Trojan Elite - hkey= - key= - File not found
MsConfig - StartUpReg: JP595IR86O - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
@Alternate Data Stream - 64 bytes -> C:\Users\admin\Documents\MOV009.3gp:TOC.WMV
@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:63238B95

:Commands
[emptytemp]
[/quote]

Click Wykonaj skrypt ("Run script"). Confirm the computer restart. Save the report that appears after the restart. Then run OTL again and click Skanuj ("Scan").
Post the new OTL.txt log and the removal reports.

Snakuu
comment

OK. Thank you. I'll do all of this today and let you know how it went.
