TnOSlayer, posted 8 August 2012 (edited)

Hello, I have a problem: since today, when the computer is turned on, an arbitrary process takes 50% of the CPU, and after it is shut down the load moves on to the next process ;/

[log]OTL logfile created on: 2012-08-08 23:48:56 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Slayerek\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,49 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,60% Memory free 7,17 Gb Paging File | 6,28 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,65 Gb Free Space | 63,20% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 56,46 Gb Free Space | 41,75% Space Free | Partition Type: NTFS Drive G: | 467,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SLAYEREK-PC | User Name: Slayerek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-08-08 23:48:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Slayerek\Downloads\OTL.exe PRC - [2012-08-08 23:42:26 | 000,030,208 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe PRC - [2012-08-08 23:42:20 | 000,012,800 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\Temp\winginq.exe PRC - [2012-08-03 01:04:27 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe PRC - [2012-07-18 20:44:21 | 000,979,424 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-07-03 13:46:44 | 000,528,456 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-01-04 17:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2010-11-09 06:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2010-07-19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2010-07-19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010-07-06 22:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2010-05-30 23:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\ApntEx.exe PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-04-25 10:18:14 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-08-08 23:42:26 | 000,030,208 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe MOD - [2012-08-08 23:42:20 | 000,012,800 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\Temp\winginq.exe MOD - [2012-08-03 01:04:27 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll MOD - [2012-07-18 20:44:21 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-08-03 01:04:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-18 20:44:21 | 000,186,848 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010-07-19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010-07-19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008-04-25 10:18:14 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | 
On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012-08-06 17:40:24 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-01-05 20:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2010-07-14 04:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) DRV - [2010-05-12 22:05:18 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-04-10 21:39:00 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D"]http://search.live.c...ferrer:source?}[/url] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
[url="http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D"]http://search.live.c...ferrer:source?}[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "about:home" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-18 20:44:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-05 14:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slayerek\AppData\Roaming\mozilla\Extensions [2012-07-06 18:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slayerek\AppData\Roaming\mozilla\Firefox\Profiles\8y9n6lxs.default\extensions [2012-07-05 14:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-07-18 20:44:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-06-15 01:13:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-06-15 01:13:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-06-15 01:13:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-06-15 01:13:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-06-15 01:13:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-06-15 01:13:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: 
([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Slayerek\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6534D55-2C59-4BE2-A518-CFA7C519EC8B}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun 
File - [2012-07-05 14:14:28 | 000,000,268 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-05-21 18:08:00 | 000,000,264 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2003-05-23 15:26:56 | 000,061,440 | R--- | M] () - G:\autoplay.exe -- [ UDF ] O32 - AutoRun File - [2003-02-12 09:01:48 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\AutOPLAy\CoMmanD - "" = F:\lycjb.pif O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\AutoRun\command - "" = F:\lycjb.pif O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\exPlOrE\COmmANd - "" = F:\lycjb.pif O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\oPEN\cOmmaNd - "" = F:\lycjb.pif O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\aUtoPlay\COmmAnD - "" = F:\wplfqc.exe O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\AutoRun\command - "" = F:\wplfqc.exe O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\eXplOre\Command - "" = F:\wplfqc.exe O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\OPEn\commAND - "" = F:\wplfqc.exe O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\AuToplAY\commanD - "" = G:\ulswy.exe O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\AutoRun\command - "" = G:\ulswy.exe O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\expLorE\command - "" = G:\ulswy.exe O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\opEN\coMmAnd - "" = G:\ulswy.exe O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell - "" = AutoRun O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell\AutoRun\command - "" = G:\autoplay.exe -- [2003-05-23 15:26:56 | 000,061,440 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - 
HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-06 17:49:03 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net [2012-08-06 17:44:38 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2012-08-06 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012-08-06 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012-08-06 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-08-06 17:40:24 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-08-06 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\DAEMON Tools Lite [2012-08-06 17:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-08-06 17:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012-07-31 14:48:01 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\Documents\NFSTR [2012-07-31 14:45:07 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012-07-31 14:45:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012-07-31 14:45:04 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012-07-31 14:45:04 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012-07-31 14:45:04 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012-07-31 14:45:04 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012-07-31 
14:45:04 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012-07-31 14:45:04 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012-07-31 14:45:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012-07-31 14:45:04 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012-07-31 14:45:04 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012-07-31 14:45:04 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012-07-31 14:45:04 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012-07-31 14:45:04 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012-07-31 14:45:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012-07-31 14:45:04 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012-07-31 14:45:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012-07-31 14:45:04 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012-07-31 14:45:04 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012-07-31 14:45:04 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012-07-31 14:45:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012-07-31 14:45:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012-07-31 14:45:03 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012-07-31 14:33:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2012-07-31 14:18:43 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst [2012-07-28 04:50:53 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012-07-28 04:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012-07-28 04:50:52 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\BITS [2012-07-28 04:50:43 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashgetSetup [2012-07-28 04:50:40 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashGetBHO [2012-07-28 04:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2012-07-28 04:50:36 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashGet [2012-07-28 02:06:41 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\WinRAR [2012-07-28 02:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012-07-16 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\LolClient [2012-07-16 19:47:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012-07-16 19:47:20 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2012-07-16 19:47:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2012-07-16 19:47:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2012-07-16 19:47:20 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2012-07-16 19:47:20 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2012-07-16 19:47:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2012-07-16 19:47:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2012-07-16 19:47:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d3dcsx_42.dll [2012-07-16 19:47:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2012-07-16 19:47:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012-07-16 19:47:19 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2012-07-16 19:47:19 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2012-07-16 19:47:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2012-07-16 19:47:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2012-07-16 19:47:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2012-07-16 19:47:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2012-07-16 19:47:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2012-07-16 19:47:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2012-07-16 19:47:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2012-07-16 19:47:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2012-07-16 19:47:18 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2012-07-16 19:47:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2012-07-16 19:47:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2012-07-16 19:47:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2012-07-16 19:47:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2012-07-16 19:47:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\XAudio2_3.dll [2012-07-16 19:47:18 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2012-07-16 19:47:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2012-07-16 19:47:18 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2012-07-16 19:47:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2012-07-16 19:47:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2012-07-16 19:47:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2012-07-16 19:47:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2012-07-16 19:47:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2012-07-16 19:47:18 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2012-07-16 19:47:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2012-07-16 19:47:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2012-07-16 19:47:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2012-07-16 19:47:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2012-07-16 19:47:17 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2012-07-16 19:47:17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2012-07-16 19:47:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2012-07-16 19:47:17 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2012-07-16 19:47:17 | 001,374,232 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\D3DCompiler_36.dll [2012-07-16 19:47:17 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2012-07-16 19:47:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2012-07-16 19:47:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2012-07-16 19:47:17 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2012-07-16 19:47:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2012-07-16 19:47:17 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2012-07-16 19:47:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2012-07-16 19:47:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2012-07-16 19:47:17 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2012-07-16 19:47:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2012-07-16 19:47:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2012-07-16 19:47:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2012-07-16 19:47:16 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2012-07-16 19:47:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2012-07-16 19:47:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2012-07-16 19:47:16 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2012-07-16 19:47:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2012-07-16 19:47:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d3dx10_35.dll [2012-07-16 19:47:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2012-07-16 19:47:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2012-07-16 19:47:16 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2012-07-16 19:47:16 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2012-07-16 19:47:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2012-07-16 19:47:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2012-07-16 19:47:16 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2012-07-16 19:47:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2012-07-16 19:47:15 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2012-07-16 19:47:15 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2012-07-16 19:47:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2012-07-16 19:47:15 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2012-07-16 19:47:15 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2012-07-16 19:47:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2012-07-16 19:47:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2012-07-16 19:47:15 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2012-07-16 19:47:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2012-07-16 19:47:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine2_1.dll [2012-07-16 19:47:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2012-07-16 19:47:09 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2012-07-16 19:47:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2012-07-16 19:47:09 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2012-07-16 19:47:09 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2012-07-16 19:47:09 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2012-07-16 19:47:09 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2012-07-16 19:47:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2012-07-16 19:47:09 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2012-07-16 19:47:09 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2012-07-16 19:46:36 | 000,000,000 | ---D | C] -- C:\DX [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-08 23:46:14 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-08-08 23:46:14 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-08-08 23:46:14 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-08-08 23:46:14 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-08-08 23:39:47 | 000,099,328 | ---- | M] () -- C:\lgpcg.exe [2012-08-08 23:39:01 | 000,032,165 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-08-08 23:39:01 | 000,032,165 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-08-08 23:38:52 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 23:38:52 | 
000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-08 23:38:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-08 23:38:48 | 3745,427,456 | -HS- | M] () -- C:\hiberfil.sys [2012-08-08 23:34:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-06 17:49:03 | 000,000,618 | ---- | M] () -- C:\Users\Slayerek\Desktop\Euroloader.lnk [2012-08-06 17:49:03 | 000,000,562 | ---- | M] () -- C:\Users\Slayerek\Desktop\gproxy.lnk [2012-08-06 17:47:40 | 000,062,465 | ---- | M] () -- C:\Windows\War3Unin.dat [2012-08-06 17:47:08 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2012-08-06 17:47:08 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2012-08-06 17:40:24 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-08-03 01:04:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-08-03 01:04:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-07-31 14:18:43 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed. 
The Run.lnk [2012-07-28 12:36:10 | 000,001,348 | ---- | M] () -- C:\Windows\System32\secustat.dat [2012-07-28 06:10:59 | 000,007,630 | ---- | M] () -- C:\Windows\System32\secushr.dat [2012-07-28 04:51:17 | 000,001,344 | ---- | M] () -- C:\Users\Slayerek\Desktop\FlashGet downloads.lnk [2012-07-28 04:51:01 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI [2012-07-17 11:21:10 | 000,000,631 | ---- | M] () -- C:\Users\Slayerek\Desktop\League of Legends.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-08 23:39:47 | 000,099,328 | ---- | C] () -- C:\lgpcg.exe [2012-08-06 17:49:03 | 000,000,618 | ---- | C] () -- C:\Users\Slayerek\Desktop\Euroloader.lnk [2012-08-06 17:49:03 | 000,000,562 | ---- | C] () -- C:\Users\Slayerek\Desktop\gproxy.lnk [2012-08-06 17:44:38 | 000,062,465 | ---- | C] () -- C:\Windows\War3Unin.dat [2012-08-06 17:44:38 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif [2012-07-31 14:18:43 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed. 
The Run.lnk [2012-07-28 06:28:46 | 000,001,348 | ---- | C] () -- C:\Windows\System32\secustat.dat [2012-07-28 05:10:28 | 000,007,630 | ---- | C] () -- C:\Windows\System32\secushr.dat [2012-07-28 04:51:17 | 000,001,344 | ---- | C] () -- C:\Users\Slayerek\Desktop\FlashGet downloads.lnk [2012-07-28 04:51:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2012-07-17 11:21:10 | 000,000,631 | ---- | C] () -- C:\Users\Slayerek\Desktop\League of Legends.lnk [2012-07-05 17:41:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012-07-05 17:40:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012-07-05 17:40:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012-07-05 15:06:41 | 000,032,165 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012-07-05 15:06:39 | 000,032,165 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012-07-05 15:04:51 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2012-07-05 15:04:51 | 001,722,984 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2012-07-05 15:04:51 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll [2012-07-05 15:04:51 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2012-07-05 15:04:51 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll [2012-07-05 15:04:51 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe [2012-07-05 15:04:51 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe [2012-07-05 15:04:51 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe [2012-07-05 14:32:33 | 000,007,168 | ---- | C] () -- C:\Users\Slayerek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-05 13:57:43 | 000,000,680 | ---- | C] () -- C:\Users\Slayerek\AppData\Local\d3d9caps.dat < End of report > OTL Extras logfile created on: 2012-08-08 23:48:56 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Slayerek\Downloads Windows Vista Home Premium 
Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,49 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,60% Memory free 7,17 Gb Paging File | 6,28 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,65 Gb Free Space | 63,20% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 56,46 Gb Free Space | 41,75% Space Free | Partition Type: NTFS Drive G: | 467,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SLAYEREK-PC | User Name: Slayerek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3366845728-784585638-755298595-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 
3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "D:\Instalki\DTLite4454-0315_[www.programosy.pl].exe" = D:\Instalki\DTLite4454-0315_[www.programosy.pl].exe:*:Enabled:ipsec -- (DT Soft Ltd) "C:\Windows\Explorer.EXE" = C:\Windows\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe" = C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winnivbl.exe" = C:\Users\Slayerek\AppData\Local\Temp\winnivbl.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winvoea.exe" = C:\Users\Slayerek\AppData\Local\Temp\winvoea.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\wintljoe.exe" = C:\Users\Slayerek\AppData\Local\Temp\wintljoe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\ersfh.exe" = C:\Users\Slayerek\AppData\Local\Temp\ersfh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winmynp.exe" = C:\Users\Slayerek\AppData\Local\Temp\winmynp.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winelry.exe" = C:\Users\Slayerek\AppData\Local\Temp\winelry.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winpkonrf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winpkonrf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winvtkiqe.exe" = C:\Users\Slayerek\AppData\Local\Temp\winvtkiqe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winrars.exe" = C:\Users\Slayerek\AppData\Local\Temp\winrars.exe:*:Enabled:ipsec "C:\Windows\System32\nwiz.exe" = C:\Windows\System32\nwiz.exe:*:Enabled:ipsec -- () "C:\Program Files\DAEMON Tools Lite\DTLite.exe" = C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec -- (DT Soft Ltd) "C:\Program Files\Intel\WiFi\bin\iwrap.exe" = C:\Program Files\Intel\WiFi\bin\iwrap.exe:*:Enabled:ipsec -- (Intel® Corporation) 
"C:\Users\Slayerek\AppData\Local\Temp\mmxq.exe" = C:\Users\Slayerek\AppData\Local\Temp\mmxq.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winsfknd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winsfknd.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winiscx.exe" = C:\Users\Slayerek\AppData\Local\Temp\winiscx.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winodkiek.exe" = C:\Users\Slayerek\AppData\Local\Temp\winodkiek.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winuhota.exe" = C:\Users\Slayerek\AppData\Local\Temp\winuhota.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lobab.exe" = C:\Users\Slayerek\AppData\Local\Temp\lobab.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winlfol.exe" = C:\Users\Slayerek\AppData\Local\Temp\winlfol.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winygtnjx.exe" = C:\Users\Slayerek\AppData\Local\Temp\winygtnjx.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\elqu.exe" = C:\Users\Slayerek\AppData\Local\Temp\elqu.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winglgf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winglgf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lgon.exe" = C:\Users\Slayerek\AppData\Local\Temp\lgon.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\vjcs.exe" = C:\Users\Slayerek\AppData\Local\Temp\vjcs.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\rllsh.exe" = C:\Users\Slayerek\AppData\Local\Temp\rllsh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\dswam.exe" = C:\Users\Slayerek\AppData\Local\Temp\dswam.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\bmwj.exe" = C:\Users\Slayerek\AppData\Local\Temp\bmwj.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\nxppe.exe" = C:\Users\Slayerek\AppData\Local\Temp\nxppe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\iaolh.exe" = C:\Users\Slayerek\AppData\Local\Temp\iaolh.exe:*:Enabled:ipsec 
"C:\Users\Slayerek\AppData\Local\Temp\winqbqox.exe" = C:\Users\Slayerek\AppData\Local\Temp\winqbqox.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winuouf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winuouf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winjagxfw.exe" = C:\Users\Slayerek\AppData\Local\Temp\winjagxfw.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winxvqy.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxvqy.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winhxviim.exe" = C:\Users\Slayerek\AppData\Local\Temp\winhxviim.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winaohaf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winaohaf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winxftry.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxftry.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\qefph.exe" = C:\Users\Slayerek\AppData\Local\Temp\qefph.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winfaaf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winfaaf.exe:*:Enabled:ipsec "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winadryu.exe" = C:\Users\Slayerek\AppData\Local\Temp\winadryu.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winygpf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winygpf.exe:*:Enabled:ipsec "C:\Windows\system32\userinit.exe" = C:\Windows\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winslmiuw.exe" = C:\Users\Slayerek\AppData\Local\Temp\winslmiuw.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winyiwwf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winyiwwf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winbbjd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winbbjd.exe:*:Enabled:ipsec "D:\LoL\League of 
Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\LolClient.exe" = D:\LoL\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\LolClient.exe:*:Enabled:ipsec -- (Adobe Systems Inc.) "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winssfd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winssfd.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lnhdi.exe" = C:\Users\Slayerek\AppData\Local\Temp\lnhdi.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winginq.exe" = C:\Users\Slayerek\AppData\Local\Temp\winginq.exe:*:Enabled:ipsec -- () "C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe" = C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe:*:Enabled:ipsec -- () [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12D7F408-FF4C-4569-B871-B000AC4F17C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{62451C94-BD6A-47E0-98D9-8A077BA387FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{0ABEF8AC-C761-4856-94FC-1B9DA75E680C}C:\program files\malwarebytes' anti-malware\mbamgui.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbamgui.exe | "TCP Query User{327BFAC8-31D2-443F-AEBC-485AA8ADB0AB}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "TCP Query User{444DA5D7-7459-4B88-86D3-787FA87E3FFF}C:\program files\malwarebytes' anti-malware\mbam.exe" = 
protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "TCP Query User{4BCDA590-B321-49F6-94AB-18E873D24530}D:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe" = protocol=6 | dir=in | app=d:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe | "TCP Query User{5C968252-38C5-462F-9DAF-6FFC0AC5E0CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{998D4424-A768-4849-9790-5D4561D24CAB}C:\program files\daemon tools lite\dtlite.exe" = protocol=6 | dir=in | app=c:\program files\daemon tools lite\dtlite.exe | "TCP Query User{C7056DA2-C8C7-423A-98CB-858453FB94E0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{CC000D23-93A5-433B-86AA-55175562F6AE}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "TCP Query User{E86475FA-D3AC-434E-9687-8BD2BEF3966C}C:\windows\system32\userinit.exe" = protocol=6 | dir=in | app=c:\windows\system32\userinit.exe | "TCP Query User{F2AB121C-55A3-487C-88DC-4270CD838965}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | "UDP Query User{1A6A9DCD-0620-4CC5-8D76-89AB0C6ADB02}C:\program files\daemon tools lite\dtlite.exe" = protocol=17 | dir=in | app=c:\program files\daemon tools lite\dtlite.exe | "UDP Query User{2F6B25B1-EFDF-4EFC-9D9F-9A7CD3D8E06F}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | "UDP Query User{3CA51AB2-EFE3-425A-818D-6EE37A566D5B}C:\windows\system32\userinit.exe" = protocol=17 | dir=in | app=c:\windows\system32\userinit.exe | "UDP Query User{40F8703E-03F4-4041-9468-0A789490D202}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "UDP Query User{7A26A16A-A93A-4D63-9E00-D728B4093C7D}C:\program files\flashget network\flashget 3\flashget3.exe" 
= protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "UDP Query User{80CEFD74-9DC8-4EDD-9C09-ADD1A416ECF8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{8F7C81B6-8E29-4557-9CF5-3CA4D74920BF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{A70BC10B-2A13-4DB6-A8BF-CAEFB3D221E6}C:\program files\malwarebytes' anti-malware\mbamgui.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbamgui.exe | "UDP Query User{B31F563B-12FB-4A1A-ADD9-CA11E798FD8A}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "UDP Query User{DDEB2E65-B0C7-440E-A838-6B1433FCF8C8}D:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe" = protocol=17 | dir=in | app=d:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}_is1" = Need For Speed. 
The Run 1.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Oprogramowanie Intel® PROSet/Wireless WiFi "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Eurobattle.net1.26" = Eurobattle.net "FlashGet3.7" = FlashGet3.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "ProInst" = Intel PROSet Wireless "Warcraft III" = Warcraft III "Winamp" = Winamp [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-31 08:34:19 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0x2d8, godzina rozpoczęcia aplikacji 0x01cd6f18cd1eabd0. 
Error - 2012-07-31 08:35:57 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xf0c, godzina rozpoczęcia aplikacji 0x01cd6f1903420142. Error - 2012-07-31 08:36:24 | Computer Name = Slayerek-PC | Source = VSS | ID = 8194 Description = Error - 2012-07-31 08:36:39 | Computer Name = Slayerek-PC | Source = System Restore | ID = 8193 Description = Error - 2012-07-31 08:37:18 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xda0, godzina rozpoczęcia aplikacji 0x01cd6f19383a9512. Error - 2012-07-31 08:37:24 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xff8, godzina rozpoczęcia aplikacji 0x01cd6f193bb9d892. 
Error - 2012-07-31 08:37:34 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xcf0, godzina rozpoczęcia aplikacji 0x01cd6f19411afb72. Error - 2012-07-31 08:40:49 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0x8a4, godzina rozpoczęcia aplikacji 0x01cd6f1959484862. Error - 2012-07-31 09:05:21 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000005, przesunięcie błędu 0x0003e13d, identyfikator procesu 0xf98, godzina rozpoczęcia aplikacji 0x01cd6f1ad9cba90a. Error - 2012-08-02 13:06:31 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, kod wyjątku 0xc0000005, przesunięcie błędu 0x010b54c8, identyfikator procesu 0x6d8, godzina rozpoczęcia aplikacji 0x01cd70cd475206a8. 
[ System Events ] Error - 2012-08-08 14:01:34 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7034 Description = Error - 2012-08-08 14:01:44 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-08 14:03:52 | Computer Name = Slayerek-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:02:12 na 2012-08-08 było nieoczekiwane. Error - 2012-08-08 14:04:41 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-08 14:05:30 | Computer Name = Slayerek-PC | Source = BROWSER | ID = 8007 Description = Error - 2012-08-08 14:06:45 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-08 14:07:01 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7023 Description = Error - 2012-08-08 14:07:05 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-08 14:07:05 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-08 14:07:05 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = < End of report >[/log]
I put it all in one code block.
Guest commented 9 August 2012 (edited)
1. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania /skrypt) box:
[code]
:OTL
O32 - AutoRun File - [2012-07-05 14:14:28 | 000,000,268 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-05-21 18:08:00 | 000,000,264 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003-05-23 15:26:56 | 000,061,440 | R--- | M] () - G:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2003-02-12 09:01:48 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\AutOPLAy\CoMmanD - "" = F:\lycjb.pif
O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\AutoRun\command - "" = F:\lycjb.pif
O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\exPlOrE\COmmANd - "" = F:\lycjb.pif
O33 - MountPoints2\{70975dcf-c69b-11e1-96da-f40343d0b4cc}\Shell\oPEN\cOmmaNd - "" = F:\lycjb.pif
O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\aUtoPlay\COmmAnD - "" = F:\wplfqc.exe
O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\AutoRun\command - "" = F:\wplfqc.exe
O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\eXplOre\Command - "" = F:\wplfqc.exe
O33 - MountPoints2\{a450efde-d402-11e1-adaf-82705876aec6}\Shell\OPEn\commAND - "" = F:\wplfqc.exe
O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\AuToplAY\commanD - "" = G:\ulswy.exe
O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\AutoRun\command - "" = G:\ulswy.exe
O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\expLorE\command - "" = G:\ulswy.exe
O33 - MountPoints2\{a450efe4-d402-11e1-adaf-82705876aec6}\Shell\opEN\coMmAnd - "" = G:\ulswy.exe
O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell - "" = AutoRun
O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell\AutoRun\command - "" = G:\autoplay.exe -- [2003-05-23 15:26:56 | 000,061,440 | R--- | M] ()

:Files
C:\autorun.inf
D:\autorun.inf
C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe
C:\Users\Slayerek\AppData\Local\Temp\winginq.exe
C:\lgpcg.exe
C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe
C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe
C:\Users\Slayerek\AppData\Local\Temp\winnivbl.exe
C:\Users\Slayerek\AppData\Local\Temp\winvoea.exe
C:\Users\Slayerek\AppData\Local\Temp\wintljoe.exe
C:\Users\Slayerek\AppData\Local\Temp\ersfh.exe
C:\Users\Slayerek\AppData\Local\Temp\winmynp.exe
C:\Users\Slayerek\AppData\Local\Temp\winelry.exe
C:\Users\Slayerek\AppData\Local\Temp\winpkonrf.exe
C:\Users\Slayerek\AppData\Local\Temp\winvtkiqe.exe
C:\Users\Slayerek\AppData\Local\Temp\winrars.exe
C:\Users\Slayerek\AppData\Local\Temp\mmxq.exe
C:\Users\Slayerek\AppData\Local\Temp\winsfknd.exe
C:\Users\Slayerek\AppData\Local\Temp\winiscx.exe
C:\Users\Slayerek\AppData\Local\Temp\winodkiek.exe
C:\Users\Slayerek\AppData\Local\Temp\winuhota.exe
C:\Users\Slayerek\AppData\Local\Temp\lobab.exe
C:\Users\Slayerek\AppData\Local\Temp\winlfol.exe
C:\Users\Slayerek\AppData\Local\Temp\winygtnjx.exe
C:\Users\Slayerek\AppData\Local\Temp\elqu.exe
C:\Users\Slayerek\AppData\Local\Temp\winglgf.exe
C:\Users\Slayerek\AppData\Local\Temp\lgon.exe
C:\Users\Slayerek\AppData\Local\Temp\vjcs.exe
C:\Users\Slayerek\AppData\Local\Temp\rllsh.exe
C:\Users\Slayerek\AppData\Local\Temp\dswam.exe
C:\Users\Slayerek\AppData\Local\Temp\bmwj.exe
C:\Users\Slayerek\AppData\Local\Temp\nxppe.exe
C:\Users\Slayerek\AppData\Local\Temp\iaolh.exe
C:\Users\Slayerek\AppData\Local\Temp\winqbqox.exe
C:\Users\Slayerek\AppData\Local\Temp\winuouf.exe
C:\Users\Slayerek\AppData\Local\Temp\winjagxfw.exe
C:\Users\Slayerek\AppData\Local\Temp\winxvqy.exe
C:\Users\Slayerek\AppData\Local\Temp\winhxviim.exe
C:\Users\Slayerek\AppData\Local\Temp\winaohaf.exe
C:\Users\Slayerek\AppData\Local\Temp\winxftry.exe
C:\Users\Slayerek\AppData\Local\Temp\qefph.exe
C:\Users\Slayerek\AppData\Local\Temp\winfaaf.exe
C:\Users\Slayerek\AppData\Local\Temp\winadryu.exe
C:\Users\Slayerek\AppData\Local\Temp\winygpf.exe
C:\Users\Slayerek\AppData\Local\Temp\winslmiuw.exe
C:\Users\Slayerek\AppData\Local\Temp\winyiwwf.exe
C:\Users\Slayerek\AppData\Local\Temp\winbbjd.exe
C:\Users\Slayerek\AppData\Local\Temp\winssfd.exe
C:\Users\Slayerek\AppData\Local\Temp\lnhdi.exe
C:\Users\Slayerek\AppData\Local\Temp\winginq.exe
C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe

:Commands
[emptytemp]
[/code]
Click [b]Run Fix[/b] (Wykonaj skrypt).
2. After the restart, click [b]CleanUp[/b] (Sprzątanie).
3. Scan the system with Malwarebytes Anti-Malware and remove all threats.
4. Download OTL again and post a new report.
TnOSlayer (Author) commented 10 August 2012
The problem has not changed. Here is the new log.
[log]OTL logfile created on: 2012-08-10 13:20:52 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Slayerek\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,49 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 75,56% Memory free 7,16 Gb Paging File | 6,38 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,52 Gb Free Space | 63,06% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 56,46 Gb Free Space | 41,75% Space Free | Partition Type: NTFS Drive G: | 467,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SLAYEREK-PC | User Name: Slayerek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-08-10 13:17:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Slayerek\Downloads\OTL.exe PRC - [2012-08-03 01:04:27 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe PRC - [2012-07-18 20:44:21 | 000,979,424 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-07-18 20:44:21 | 000,082,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-07-03 13:46:44 | 000,528,456 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011-01-04 17:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2010-11-09 06:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2010-07-19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2010-07-19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010-07-06 22:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2010-05-30 23:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\ApntEx.exe PRC - [2010-05-12 11:55:00 | 000,219,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009-04-10 23:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-10 23:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-10 23:28:08 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2009-04-10 23:28:06 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-04-10 23:28:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-04-10 23:28:00 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-10 23:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-10 23:27:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-04-25 10:25:40 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008-04-25 10:25:40 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008-04-25 10:24:18 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-04-25 10:21:43 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2008-04-25 10:19:26 | 000,229,888 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:16 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-04-25 10:19:13 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-04-25 10:18:14 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-04-25 10:17:51 | 000,074,240 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\wlanext.exe PRC - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-08-10 13:17:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Slayerek\Downloads\OTL.exe MOD - [2012-08-03 01:04:27 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll MOD - [2012-08-03 01:04:27 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe MOD - [2012-07-18 20:44:21 | 016,060,384 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xul.dll MOD - [2012-07-18 20:44:21 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-07-18 20:44:21 | 000,979,424 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe MOD - [2012-07-18 20:44:21 | 000,829,920 | ---- | M] (sqlite.org) -- C:\Program Files\Mozilla Firefox\mozsqlite3.dll MOD - [2012-07-18 20:44:21 | 000,638,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nss3.dll MOD - [2012-07-18 20:44:21 | 000,573,920 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\gkmedias.dll MOD - [2012-07-18 20:44:21 | 000,358,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssckbi.dll MOD - [2012-07-18 20:44:21 | 000,258,528 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\freebl3.dll MOD - [2012-07-18 20:44:21 | 000,170,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nspr4.dll MOD - [2012-07-18 20:44:21 | 000,155,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\softokn3.dll MOD - [2012-07-18 20:44:21 | 000,145,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\ssl3.dll MOD - [2012-07-18 20:44:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla 
Firefox\components\browsercomps.dll MOD - [2012-07-18 20:44:21 | 000,095,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssdbm3.dll MOD - [2012-07-18 20:44:21 | 000,092,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssutil3.dll MOD - [2012-07-18 20:44:21 | 000,091,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\smime3.dll MOD - [2012-07-18 20:44:21 | 000,082,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe MOD - [2012-07-18 20:44:21 | 000,068,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozglue.dll MOD - [2012-07-18 20:44:21 | 000,021,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plc4.dll MOD - [2012-07-18 20:44:21 | 000,020,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plds4.dll MOD - [2012-07-18 20:44:21 | 000,019,424 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpcom.dll MOD - [2012-07-18 20:44:21 | 000,015,840 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozalloc.dll MOD - [2012-07-03 13:46:44 | 000,528,456 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe MOD - [2012-07-03 13:46:42 | 000,476,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll MOD - [2012-07-02 12:14:28 | 002,167,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll MOD - [2012-06-15 00:16:43 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcr100.dll MOD - [2012-06-15 00:16:43 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcp100.dll MOD - [2011-01-04 17:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\Apoint.exe MOD - [2010-12-17 02:52:22 | 000,115,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll MOD - [2010-11-18 19:12:20 | 001,607,024 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.dll MOD - [2010-11-09 06:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe MOD - [2010-07-06 22:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe MOD - [2010-05-31 06:23:42 | 000,075,120 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\EzAuto.dll MOD - [2010-05-30 23:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe MOD - [2010-05-12 22:05:18 | 001,070,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll MOD - [2010-05-12 11:55:00 | 000,150,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll MOD - [2010-05-12 11:55:00 | 000,092,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll MOD - [2009-09-25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009-09-25 03:27:04 | 001,064,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll MOD - [2009-09-25 00:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-04-10 23:28:28 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2009-04-10 23:28:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2009-04-10 23:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2009-04-10 23:28:26 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2009-04-10 23:28:26 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-10 
23:28:26 | 001,167,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2009-04-10 23:28:26 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-10 23:28:26 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-04-10 23:28:26 | 000,828,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2009-04-10 23:28:26 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-10 23:28:26 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2009-04-10 23:28:26 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-04-10 23:28:26 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2009-04-10 23:28:26 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-04-10 23:28:26 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2009-04-10 23:28:26 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-10 23:28:26 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll MOD - [2009-04-10 23:28:26 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2009-04-10 23:28:26 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll MOD - [2009-04-10 23:28:26 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2009-04-10 23:28:26 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-10 23:28:26 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - 
[2009-04-10 23:28:26 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-04-10 23:28:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-10 23:28:26 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-10 23:28:26 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2009-04-10 23:28:24 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - [2009-04-10 23:28:24 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL MOD - [2009-04-10 23:28:24 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll MOD - [2009-04-10 23:28:24 | 001,823,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2009-04-10 23:28:24 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2009-04-10 23:28:24 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-04-10 23:28:24 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-10 23:28:24 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-10 23:28:24 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-04-10 23:28:24 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-10 23:28:24 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2009-04-10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2009-04-10 23:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2009-04-10 23:28:24 | 000,163,328 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\msutb.dll MOD - [2009-04-10 23:28:24 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll MOD - [2009-04-10 23:28:24 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-10 23:28:24 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2009-04-10 23:28:24 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-10 23:28:24 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll MOD - [2009-04-10 23:28:22 | 002,012,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll MOD - [2009-04-10 23:28:22 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-10 23:28:22 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-10 23:28:22 | 000,564,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll MOD - [2009-04-10 23:28:22 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2009-04-10 23:28:22 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2009-04-10 23:28:22 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll MOD - [2009-04-10 23:28:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2009-04-10 23:28:22 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-10 23:28:22 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2009-04-10 23:28:22 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-10 23:28:22 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll MOD - [2009-04-10 23:28:22 | 000,017,408 
| ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll MOD - [2009-04-10 23:28:20 | 006,079,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2009-04-10 23:28:20 | 001,788,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll MOD - [2009-04-10 23:28:20 | 001,324,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2009-04-10 23:28:20 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2009-04-10 23:28:20 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll MOD - [2009-04-10 23:28:20 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL MOD - [2009-04-10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-10 23:28:20 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2009-04-10 23:28:20 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-10 23:28:20 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2009-04-10 23:28:20 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2009-04-10 23:28:20 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2009-04-10 23:28:20 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2009-04-10 23:28:20 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2009-04-10 23:28:20 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2009-04-10 23:28:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2009-04-10 23:28:20 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll MOD - [2009-04-10 23:28:20 | 
000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll MOD - [2009-04-10 23:28:20 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009-04-10 23:28:20 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-10 23:28:20 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2009-04-10 23:28:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll MOD - [2009-04-10 23:28:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll MOD - [2009-04-10 23:28:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009-04-10 23:28:20 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2009-04-10 23:28:18 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-10 23:28:18 | 000,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll MOD - [2009-04-10 23:28:18 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-10 23:28:08 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe MOD - [2009-04-10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe MOD - [2009-04-10 23:27:50 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-04-10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2009-04-10 23:27:34 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe MOD - [2009-04-10 23:27:14 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl MOD 
- [2009-04-10 23:27:14 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2009-04-10 23:27:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2009-04-10 23:27:14 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv MOD - [2009-04-10 23:21:40 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll MOD - [2009-04-10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008-04-25 10:26:48 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-04-25 10:26:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2008-04-25 10:26:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll MOD - [2008-04-25 10:25:52 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2008-04-25 10:25:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL MOD - [2008-04-25 10:25:40 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe MOD - [2008-04-25 10:25:40 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe MOD - [2008-04-25 10:24:50 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2008-04-25 10:24:50 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008-04-25 10:24:34 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2008-04-25 10:24:27 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2008-04-25 10:24:23 | 
000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008-04-25 10:24:18 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll MOD - [2008-04-25 10:24:17 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2008-04-25 10:24:17 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2008-04-25 10:24:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2008-04-25 10:24:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll MOD - [2008-04-25 10:24:14 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll MOD - [2008-04-25 10:23:58 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-04-25 10:23:55 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2008-04-25 10:23:51 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll MOD - [2008-04-25 10:23:50 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-04-25 10:23:49 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2008-04-25 10:23:48 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2008-04-25 10:23:44 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2008-04-25 10:23:38 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll MOD - [2008-04-25 10:23:04 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-04-25 10:23:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-04-25 10:23:02 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll MOD - 
[2008-04-25 10:22:52 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2008-04-25 10:22:42 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2008-04-25 10:22:39 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll MOD - [2008-04-25 10:22:35 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll MOD - [2008-04-25 10:22:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-04-25 10:22:24 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2008-04-25 10:22:16 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-04-25 10:21:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll MOD - [2008-04-25 10:21:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2008-04-25 10:21:37 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2008-04-25 10:21:35 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2008-04-25 10:21:20 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll MOD - [2008-04-25 10:21:00 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2008-04-25 10:20:58 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2008-04-25 10:20:45 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2008-04-25 10:20:45 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2008-04-25 10:20:07 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll MOD - [2008-04-25 
10:20:00 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2008-04-25 10:19:51 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll MOD - [2008-04-25 10:19:33 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll MOD - [2008-04-25 10:19:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2008-04-25 10:19:19 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-04-25 10:18:55 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll MOD - [2008-04-25 10:18:15 | 000,671,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpRtMon.dll MOD - [2008-04-25 10:18:14 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe MOD - [2008-04-25 10:18:14 | 000,312,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpClient.dll MOD - [2008-04-25 10:17:47 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2006-11-02 14:35:33 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehProxy.dll MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2006-11-02 14:34:32 | 000,653,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpRes.dll MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006-11-02 11:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shimeng.dll MOD - [2006-11-02 11:46:13 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll MOD - [2006-11-02 11:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006-11-02 11:46:06 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll MOD - [2006-11-02 11:46:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll MOD - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-08-03 01:04:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- 
(AdobeFlashPlayerUpdateSvc) SRV - [2012-07-18 20:44:21 | 000,186,848 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010-07-19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010-07-19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008-04-25 10:18:14 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012-08-06 17:40:24 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-01-05 20:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2010-07-14 04:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) DRV - [2010-05-12 22:05:18 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-04-10 21:39:00 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3366845728-784585638-755298595-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3366845728-784585638-755298595-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3366845728-784585638-755298595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "about:home" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 
Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-18 20:44:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-05 14:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slayerek\AppData\Roaming\mozilla\Extensions [2012-07-06 18:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slayerek\AppData\Roaming\mozilla\Firefox\Profiles\8y9n6lxs.default\extensions [2012-07-05 14:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-07-18 20:44:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-06-15 01:13:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-06-15 01:13:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-06-15 01:13:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-06-15 01:13:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-06-15 01:13:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-06-15 01:13:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Slayerek\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3366845728-784585638-755298595-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6534D55-2C59-4BE2-A518-CFA7C519EC8B}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012-08-10 12:35:20 | 000,000,300 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-08-10 12:35:20 | 
000,000,310 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2003-05-23 15:26:56 | 000,061,440 | R--- | M] () - G:\autoplay.exe -- [ UDF ] O32 - AutoRun File - [2003-02-12 09:01:48 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell - "" = AutoRun O33 - MountPoints2\{e8458eb1-dd72-11e1-a47e-81ec6e0f13ba}\Shell\AutoRun\command - "" = G:\autoplay.exe -- [2003-05-23 15:26:56 | 000,061,440 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: 
Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-08-06 17:49:03 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Eurobattle.net [2012-08-06 17:44:38 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2012-08-06 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012-08-06 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2012-08-06 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-08-06 17:40:24 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-08-06 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\DAEMON Tools Lite [2012-08-06 17:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-08-06 17:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012-07-31 14:48:01 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\Documents\NFSTR [2012-07-31 14:33:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2012-07-31 14:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. 
Catalyst [2012-07-28 04:50:53 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012-07-28 04:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012-07-28 04:50:52 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\BITS [2012-07-28 04:50:43 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashgetSetup [2012-07-28 04:50:40 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashGetBHO [2012-07-28 04:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network [2012-07-28 04:50:36 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\FlashGet [2012-07-28 02:06:41 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\WinRAR [2012-07-28 02:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012-07-16 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\LolClient [2012-07-16 19:46:36 | 000,000,000 | ---D | C] -- C:\DX [2012-07-05 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\Documents\Diablo III [2012-07-05 18:17:21 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Malwarebytes [2012-07-05 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-07-05 18:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-07-05 18:17:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012-07-05 18:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-07-05 17:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012-07-05 17:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012-07-05 17:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2012-07-05 17:50:33 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\eu-ES [2012-07-05 17:50:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012-07-05 17:50:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012-07-05 17:48:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012-07-05 17:38:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012-07-05 15:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012-07-05 15:12:04 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Macromedia [2012-07-05 15:12:04 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Local\Macromedia [2012-07-05 15:12:04 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Adobe [2012-07-05 15:11:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2012-07-05 15:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012-07-05 15:04:51 | 000,000,000 | ---D | C] -- C:\Windows\nview [2012-07-05 14:51:44 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Mozilla [2012-07-05 14:51:44 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Local\Mozilla [2012-07-05 14:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012-07-05 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-07-05 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012-07-05 14:46:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012-07-05 14:46:35 | 000,000,000 | -HSD | C] -- C:\Boot [2012-07-05 14:46:00 | 000,000,000 | ---D | C] -- C:\DRIVERS [2012-07-05 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2012-07-05 14:45:30 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa [2012-07-05 14:45:26 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Winamp [2012-07-05 14:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2012-07-05 14:43:15 | 000,000,000 | ---D | C] -- 
C:\Users\Slayerek\AppData\Roaming\Intel [2012-07-05 14:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012-07-05 14:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2012-07-05 14:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012-07-05 14:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012-07-05 14:36:53 | 000,000,000 | ---D | C] -- C:\Windows\ConfigSetRoot [2012-07-05 14:17:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012-07-05 14:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad [2012-07-05 14:14:08 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll [2012-07-05 14:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012-07-05 14:13:56 | 000,000,000 | ---D | C] -- C:\Intel [2012-07-05 14:13:54 | 000,000,000 | ---D | C] -- C:\dell [2012-07-05 13:57:54 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012-07-05 13:57:54 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Searches [2012-07-05 13:57:54 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012-07-05 13:57:47 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Identities [2012-07-05 13:57:46 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Contacts [2012-07-05 13:57:45 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Local\VirtualStore [2012-07-05 13:57:42 | 000,000,000 | --SD | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Videos [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Saved Games [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Pictures [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Music [2012-07-05 13:57:42 | 000,000,000 | R--D | C] 
-- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Links [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Favorites [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Downloads [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Documents [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\Desktop [2012-07-05 13:57:42 | 000,000,000 | R--D | C] -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Ustawienia lokalne [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\AppData\Local\Temporary Internet Files [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Szablony [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\SendTo [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Recent [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\PrintHood [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\NetHood [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Documents\Moje wideo [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Documents\Moje obrazy [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Moje dokumenty [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Documents\Moja muzyka [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Menu Start [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\AppData\Local\Historia [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Dane aplikacji [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\AppData\Local\Dane aplikacji [2012-07-05 13:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Slayerek\Cookies [2012-07-05 13:57:42 | 000,000,000 | -H-D 
| C] -- C:\Users\Slayerek\AppData [2012-07-05 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Local\Temp [2012-07-05 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Local\Microsoft [2012-07-05 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\Slayerek\AppData\Roaming\Media Center Programs [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2012-07-05 13:56:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2012-07-05 13:55:56 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2012-07-05 13:50:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012-07-05 13:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2 [2012-07-05 13:47:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-08-10 13:18:28 | 000,032,165 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012-08-10 13:18:28 | 000,032,165 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012-08-10 13:18:22 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-10 13:18:21 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-10 13:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-10 13:18:15 | 3745,427,456 | 
-HS- | M] () -- C:\hiberfil.sys [2012-08-10 13:17:12 | 000,099,328 | ---- | M] () -- C:\dcpwb.exe [2012-08-10 12:49:57 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-08-10 12:49:57 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-08-10 12:49:57 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-08-10 12:49:57 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-08-10 12:39:40 | 000,229,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-08-10 12:35:20 | 000,000,300 | RHS- | M] () -- C:\autorun.inf [2012-08-10 00:34:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-06 17:49:03 | 000,000,618 | ---- | M] () -- C:\Users\Slayerek\Desktop\Euroloader.lnk [2012-08-06 17:49:03 | 000,000,562 | ---- | M] () -- C:\Users\Slayerek\Desktop\gproxy.lnk [2012-08-06 17:47:40 | 000,062,465 | ---- | M] () -- C:\Windows\War3Unin.dat [2012-08-06 17:47:08 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2012-08-06 17:47:08 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2012-08-06 17:40:24 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012-07-31 14:18:43 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed. 
The Run.lnk [2012-07-28 12:36:10 | 000,001,348 | ---- | M] () -- C:\Windows\System32\secustat.dat [2012-07-28 06:10:59 | 000,007,630 | ---- | M] () -- C:\Windows\System32\secushr.dat [2012-07-28 04:51:17 | 000,001,344 | ---- | M] () -- C:\Users\Slayerek\Desktop\FlashGet downloads.lnk [2012-07-28 04:51:01 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI [2012-07-17 11:21:10 | 000,000,631 | ---- | M] () -- C:\Users\Slayerek\Desktop\League of Legends.lnk [2012-07-05 18:27:26 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012-07-05 14:51:30 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-07-05 14:46:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2012-07-05 14:40:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012-07-05 14:32:52 | 000,000,680 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\d3d9caps.dat [2012-07-05 14:32:36 | 000,007,168 | ---- | M] () -- C:\Users\Slayerek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-05 14:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2012-07-05 14:16:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012-07-05 13:52:39 | 000,065,580 | ---- | M] () -- C:\Windows\System32\license.rtf [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-08-10 13:17:12 | 000,099,328 | ---- | C] () -- C:\dcpwb.exe [2012-08-10 12:35:17 | 000,000,300 | RHS- | C] () -- C:\autorun.inf [2012-08-06 17:49:03 | 000,000,618 | ---- | C] () -- C:\Users\Slayerek\Desktop\Euroloader.lnk [2012-08-06 17:49:03 | 000,000,562 | ---- | C] () -- C:\Users\Slayerek\Desktop\gproxy.lnk [2012-08-06 17:44:38 | 000,062,465 | ---- | C] () -- C:\Windows\War3Unin.dat [2012-08-06 17:44:38 | 000,002,829 | 
---- | C] () -- C:\Windows\War3Unin.pif [2012-07-31 14:18:43 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed. The Run.lnk [2012-07-28 06:28:46 | 000,001,348 | ---- | C] () -- C:\Windows\System32\secustat.dat [2012-07-28 05:10:28 | 000,007,630 | ---- | C] () -- C:\Windows\System32\secushr.dat [2012-07-28 04:51:17 | 000,001,344 | ---- | C] () -- C:\Users\Slayerek\Desktop\FlashGet downloads.lnk [2012-07-28 04:51:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2012-07-17 11:21:10 | 000,000,631 | ---- | C] () -- C:\Users\Slayerek\Desktop\League of Legends.lnk [2012-07-05 17:58:27 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012-07-05 17:41:33 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2012-07-05 17:41:32 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2012-07-05 17:41:32 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2012-07-05 17:41:12 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2012-07-05 17:41:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012-07-05 17:41:09 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2012-07-05 17:40:46 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2012-07-05 17:40:44 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2012-07-05 17:40:43 | 002,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2012-07-05 17:40:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012-07-05 17:40:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012-07-05 17:40:41 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2012-07-05 17:40:41 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2012-07-05 17:40:41 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2012-07-05 15:11:31 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player 
Updater.job [2012-07-05 15:06:41 | 000,032,165 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012-07-05 15:06:39 | 000,032,165 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012-07-05 15:04:51 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2012-07-05 15:04:51 | 001,722,984 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2012-07-05 15:04:51 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll [2012-07-05 15:04:51 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2012-07-05 15:04:51 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll [2012-07-05 15:04:51 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe [2012-07-05 15:04:51 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe [2012-07-05 15:04:51 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe [2012-07-05 15:04:24 | 000,023,929 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu [2012-07-05 14:51:30 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012-07-05 14:51:30 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-07-05 14:46:37 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2012-07-05 14:46:35 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2012-07-05 14:46:17 | 000,039,270 | R--- | C] () -- C:\Windows\OEMLOGO.BMP [2012-07-05 14:40:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012-07-05 14:32:33 | 000,007,168 | ---- | C] () -- C:\Users\Slayerek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-05 14:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2012-07-05 14:16:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012-07-05 14:16:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2012-07-05 13:57:55 | 000,000,949 
| ---- | C] () -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012-07-05 13:57:54 | 000,000,944 | ---- | C] () -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012-07-05 13:57:45 | 000,000,915 | ---- | C] () -- C:\Users\Slayerek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012-07-05 13:57:43 | 000,000,680 | ---- | C] () -- C:\Users\Slayerek\AppData\Local\d3d9caps.dat [2012-07-05 13:53:24 | 3745,427,456 | -HS- | C] () -- C:\hiberfil.sys [2012-07-05 13:52:21 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [color=#E56717]========== LOP Check ==========[/color] [2012-07-28 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\BITS [2012-08-06 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\DAEMON Tools Lite [2012-07-28 06:28:46 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\FlashGet [2012-07-28 04:50:40 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\FlashGetBHO [2012-07-28 04:50:43 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\FlashgetSetup [2012-07-16 19:49:12 | 000,000,000 | ---D | M] -- C:\Users\Slayerek\AppData\Roaming\LolClient [2012-08-10 13:17:44 | 000,016,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2012-08-10 12:35:20 | 000,000,300 | RHS- | M] () -- C:\autorun.inf [2009-04-10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2012-07-05 14:46:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012-08-10 13:17:12 | 000,099,328 | ---- | M] () -- C:\dcpwb.exe [2012-08-10 13:18:15 | 
3745,427,456 | -HS- | M] () -- C:\hiberfil.sys [2012-08-10 13:18:15 | 4059,033,600 | -HS- | M] () -- C:\pagefile.sys < End of report >
OTL Extras logfile created on: 2012-08-10 13:20:52 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Slayerek\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,49 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 75,56% Memory free 7,16 Gb Paging File | 6,38 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,52 Gb Free Space | 63,06% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 56,46 Gb Free Space | 41,75% Space Free | Partition Type: NTFS Drive G: | 467,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SLAYEREK-PC | User Name: Slayerek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3366845728-784585638-755298595-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3366845728-784585638-755298595-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 
1 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "D:\Instalki\DTLite4454-0315_[www.programosy.pl].exe" = D:\Instalki\DTLite4454-0315_[www.programosy.pl].exe:*:Enabled:ipsec -- (DT Soft Ltd) "C:\Windows\Explorer.EXE" = C:\Windows\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe" = C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winnivbl.exe" = C:\Users\Slayerek\AppData\Local\Temp\winnivbl.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winvoea.exe" = C:\Users\Slayerek\AppData\Local\Temp\winvoea.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\wintljoe.exe" = C:\Users\Slayerek\AppData\Local\Temp\wintljoe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\ersfh.exe" = C:\Users\Slayerek\AppData\Local\Temp\ersfh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winmynp.exe" = C:\Users\Slayerek\AppData\Local\Temp\winmynp.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winelry.exe" = C:\Users\Slayerek\AppData\Local\Temp\winelry.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winpkonrf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winpkonrf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winvtkiqe.exe" = 
C:\Users\Slayerek\AppData\Local\Temp\winvtkiqe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winrars.exe" = C:\Users\Slayerek\AppData\Local\Temp\winrars.exe:*:Enabled:ipsec "C:\Windows\System32\nwiz.exe" = C:\Windows\System32\nwiz.exe:*:Enabled:ipsec -- () "C:\Program Files\DAEMON Tools Lite\DTLite.exe" = C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec -- (DT Soft Ltd) "C:\Program Files\Intel\WiFi\bin\iwrap.exe" = C:\Program Files\Intel\WiFi\bin\iwrap.exe:*:Enabled:ipsec -- (Intel(R) Corporation) "C:\Users\Slayerek\AppData\Local\Temp\mmxq.exe" = C:\Users\Slayerek\AppData\Local\Temp\mmxq.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winsfknd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winsfknd.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winiscx.exe" = C:\Users\Slayerek\AppData\Local\Temp\winiscx.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winodkiek.exe" = C:\Users\Slayerek\AppData\Local\Temp\winodkiek.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winuhota.exe" = C:\Users\Slayerek\AppData\Local\Temp\winuhota.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lobab.exe" = C:\Users\Slayerek\AppData\Local\Temp\lobab.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winlfol.exe" = C:\Users\Slayerek\AppData\Local\Temp\winlfol.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winygtnjx.exe" = C:\Users\Slayerek\AppData\Local\Temp\winygtnjx.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\elqu.exe" = C:\Users\Slayerek\AppData\Local\Temp\elqu.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winglgf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winglgf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lgon.exe" = C:\Users\Slayerek\AppData\Local\Temp\lgon.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\vjcs.exe" = C:\Users\Slayerek\AppData\Local\Temp\vjcs.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\rllsh.exe" = 
C:\Users\Slayerek\AppData\Local\Temp\rllsh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\dswam.exe" = C:\Users\Slayerek\AppData\Local\Temp\dswam.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\bmwj.exe" = C:\Users\Slayerek\AppData\Local\Temp\bmwj.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\nxppe.exe" = C:\Users\Slayerek\AppData\Local\Temp\nxppe.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\iaolh.exe" = C:\Users\Slayerek\AppData\Local\Temp\iaolh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winqbqox.exe" = C:\Users\Slayerek\AppData\Local\Temp\winqbqox.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winuouf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winuouf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winjagxfw.exe" = C:\Users\Slayerek\AppData\Local\Temp\winjagxfw.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winxvqy.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxvqy.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winhxviim.exe" = C:\Users\Slayerek\AppData\Local\Temp\winhxviim.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winaohaf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winaohaf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winxftry.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxftry.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\qefph.exe" = C:\Users\Slayerek\AppData\Local\Temp\qefph.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winfaaf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winfaaf.exe:*:Enabled:ipsec "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winadryu.exe" = C:\Users\Slayerek\AppData\Local\Temp\winadryu.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winygpf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winygpf.exe:*:Enabled:ipsec 
"C:\Windows\system32\userinit.exe" = C:\Windows\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winslmiuw.exe" = C:\Users\Slayerek\AppData\Local\Temp\winslmiuw.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winyiwwf.exe" = C:\Users\Slayerek\AppData\Local\Temp\winyiwwf.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winbbjd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winbbjd.exe:*:Enabled:ipsec "D:\LoL\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\LolClient.exe" = D:\LoL\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\LolClient.exe:*:Enabled:ipsec -- (Adobe Systems Inc.) "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation) "C:\Users\Slayerek\AppData\Local\Temp\winssfd.exe" = C:\Users\Slayerek\AppData\Local\Temp\winssfd.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lnhdi.exe" = C:\Users\Slayerek\AppData\Local\Temp\lnhdi.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winginq.exe" = C:\Users\Slayerek\AppData\Local\Temp\winginq.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe" = C:\Users\Slayerek\AppData\Local\Temp\winmqgv.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\gpivu.exe" = C:\Users\Slayerek\AppData\Local\Temp\gpivu.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winbydq.exe" = C:\Users\Slayerek\AppData\Local\Temp\winbydq.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winocwiec.exe" = C:\Users\Slayerek\AppData\Local\Temp\winocwiec.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\nfiwxt.exe" = C:\Users\Slayerek\AppData\Local\Temp\nfiwxt.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\lsntg.exe" = C:\Users\Slayerek\AppData\Local\Temp\lsntg.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winrdovkh.exe" = 
C:\Users\Slayerek\AppData\Local\Temp\winrdovkh.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winseirfs.exe" = C:\Users\Slayerek\AppData\Local\Temp\winseirfs.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winhnmeb.exe" = C:\Users\Slayerek\AppData\Local\Temp\winhnmeb.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winppky.exe" = C:\Users\Slayerek\AppData\Local\Temp\winppky.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winjsqub.exe" = C:\Users\Slayerek\AppData\Local\Temp\winjsqub.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winssex.exe" = C:\Users\Slayerek\AppData\Local\Temp\winssex.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\njcgsr.exe" = C:\Users\Slayerek\AppData\Local\Temp\njcgsr.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winukspo.exe" = C:\Users\Slayerek\AppData\Local\Temp\winukspo.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\moghv.exe" = C:\Users\Slayerek\AppData\Local\Temp\moghv.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winesubev.exe" = C:\Users\Slayerek\AppData\Local\Temp\winesubev.exe:*:Enabled:ipsec "D:\Instalki\OTL.exe" = D:\Instalki\OTL.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\hacik.exe" = C:\Users\Slayerek\AppData\Local\Temp\hacik.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\bulsmx.exe" = C:\Users\Slayerek\AppData\Local\Temp\bulsmx.exe:*:Enabled:ipsec "C:\Users\Slayerek\AppData\Local\Temp\winrwjch.exe" = C:\Users\Slayerek\AppData\Local\Temp\winrwjch.exe:*:Enabled:ipsec -- () "C:\Users\Slayerek\AppData\Local\Temp\atucmk.exe" = C:\Users\Slayerek\AppData\Local\Temp\atucmk.exe:*:Enabled:ipsec -- () [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12D7F408-FF4C-4569-B871-B000AC4F17C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{62451C94-BD6A-47E0-98D9-8A077BA387FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{06FD7929-B00F-4DBA-BADF-D543C198DF59}C:\windows\system32\nwiz.exe" = protocol=6 | dir=in | app=c:\windows\system32\nwiz.exe | "TCP Query User{0ABEF8AC-C761-4856-94FC-1B9DA75E680C}C:\program files\malwarebytes' anti-malware\mbamgui.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbamgui.exe | "TCP Query User{327BFAC8-31D2-443F-AEBC-485AA8ADB0AB}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "TCP Query User{444DA5D7-7459-4B88-86D3-787FA87E3FFF}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "TCP Query User{4BCDA590-B321-49F6-94AB-18E873D24530}D:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe" = protocol=6 | dir=in | app=d:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe | "TCP Query User{5C968252-38C5-462F-9DAF-6FFC0AC5E0CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{998D4424-A768-4849-9790-5D4561D24CAB}C:\program files\daemon tools lite\dtlite.exe" = protocol=6 | dir=in | app=c:\program files\daemon tools lite\dtlite.exe | "TCP Query User{C7056DA2-C8C7-423A-98CB-858453FB94E0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{CC000D23-93A5-433B-86AA-55175562F6AE}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "TCP Query 
User{E86475FA-D3AC-434E-9687-8BD2BEF3966C}C:\windows\system32\userinit.exe" = protocol=6 | dir=in | app=c:\windows\system32\userinit.exe | "TCP Query User{F2AB121C-55A3-487C-88DC-4270CD838965}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | "UDP Query User{1A6A9DCD-0620-4CC5-8D76-89AB0C6ADB02}C:\program files\daemon tools lite\dtlite.exe" = protocol=17 | dir=in | app=c:\program files\daemon tools lite\dtlite.exe | "UDP Query User{2F6B25B1-EFDF-4EFC-9D9F-9A7CD3D8E06F}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | "UDP Query User{3CA51AB2-EFE3-425A-818D-6EE37A566D5B}C:\windows\system32\userinit.exe" = protocol=17 | dir=in | app=c:\windows\system32\userinit.exe | "UDP Query User{40F8703E-03F4-4041-9468-0A789490D202}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "UDP Query User{5F896D4B-4808-44EF-BDA1-6FA6AFC112E4}C:\windows\system32\nwiz.exe" = protocol=17 | dir=in | app=c:\windows\system32\nwiz.exe | "UDP Query User{7A26A16A-A93A-4D63-9E00-D728B4093C7D}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "UDP Query User{80CEFD74-9DC8-4EDD-9C09-ADD1A416ECF8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{8F7C81B6-8E29-4557-9CF5-3CA4D74920BF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{A70BC10B-2A13-4DB6-A8BF-CAEFB3D221E6}C:\program files\malwarebytes' anti-malware\mbamgui.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbamgui.exe | "UDP Query User{B31F563B-12FB-4A1A-ADD9-CA11E798FD8A}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "UDP Query 
User{DDEB2E65-B0C7-440E-A838-6B1433FCF8C8}D:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe" = protocol=17 | dir=in | app=d:\instalki\sterowniki\intel_chipset-software-insta_a05_r302424.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}_is1" = Need For Speed. The Run 1.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Eurobattle.net1.26" = Eurobattle.net "FlashGet3.7" = FlashGet3.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "ProInst" = Intel PROSet Wireless "Warcraft III" = Warcraft III "Winamp" = Winamp [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3366845728-784585638-755298595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-31 08:34:19 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, 
identyfikator procesu 0x2d8, godzina rozpoczęcia aplikacji 0x01cd6f18cd1eabd0. Error - 2012-07-31 08:35:57 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xf0c, godzina rozpoczęcia aplikacji 0x01cd6f1903420142. Error - 2012-07-31 08:36:24 | Computer Name = Slayerek-PC | Source = VSS | ID = 8194 Description = Error - 2012-07-31 08:36:39 | Computer Name = Slayerek-PC | Source = System Restore | ID = 8193 Description = Error - 2012-07-31 08:37:18 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xda0, godzina rozpoczęcia aplikacji 0x01cd6f19383a9512. Error - 2012-07-31 08:37:24 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xff8, godzina rozpoczęcia aplikacji 0x01cd6f193bb9d892. 
Error - 2012-07-31 08:37:34 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0xcf0, godzina rozpoczęcia aplikacji 0x01cd6f19411afb72. Error - 2012-07-31 08:40:49 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd dxgi.dll!CreateDXGIFactory1, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000139, przesunięcie błędu 0x00009eed, identyfikator procesu 0x8a4, godzina rozpoczęcia aplikacji 0x01cd6f1959484862. Error - 2012-07-31 09:05:21 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000005, przesunięcie błędu 0x0003e13d, identyfikator procesu 0xf98, godzina rozpoczęcia aplikacji 0x01cd6f1ad9cba90a. Error - 2012-08-02 13:06:31 | Computer Name = Slayerek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, moduł powodujący błąd Need For Speed The Run.exe, wersja 1.1.0.0, sygnatura czasowa 0x4f14cf9c, kod wyjątku 0xc0000005, przesunięcie błędu 0x010b54c8, identyfikator procesu 0x6d8, godzina rozpoczęcia aplikacji 0x01cd70cd475206a8. 
[ System Events ] Error - 2012-08-10 07:18:46 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:18:46 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:18:56 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7034 Description = Error - 2012-08-10 07:18:56 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:19:06 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:19:06 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:19:06 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2012-08-10 07:20:36 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7032 Description = Error - 2012-08-10 07:21:06 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7032 Description = Error - 2012-08-10 07:21:08 | Computer Name = Slayerek-PC | Source = Service Control Manager | ID = 7024 Description = < End of report >[/log]
Guest commented 10 August 2012

1. Run OTL and, in the [b]Custom Scans/Fixes[/b] box, paste:

[code]
:Processes
killallprocesses
:Files
C:\dcpwb.exe
C:\autorun.inf
D:\autorun.inf
D:\dcpwb.exe
:commands
[REBOOT]
[/code]

Click [b]Run Fix[/b]. The computer will require a restart; agree to it.
Post the removal report.

Run OTL, click [b]None[/b], and in the [b]Custom Scans/Fixes[/b] box paste:

[code]
C:\*.*
D:\*.*
[/code]

Click Run Scan.
Post the report.

Besides that, your USB flash drives are infected, and the infection probably got in from them.
Download Panda USB Vaccine: http://www.dobreprogramy.pl/Panda-USB-Vaccine,Program,Windows,29142.html
Run it and click computer vaccine, or something like that.
Download UsbFix: http://www.instalki.pl/programy/download/Windows/antywirusy/UsbFix.html
Plug in the flash drives and click Deletion.
Post a new OTL log.
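The "Authorized Applications List" section of the OTL Extras log above is where the infection is easiest to see: firewall exceptions for randomly named executables in the user's Temp folder. The following is an added example, not part of the thread or of OTL, that parses that section even when it is flattened onto one line and separates the Temp entries from other entries carrying the same rule label; the function names and the triage rule are assumptions, and the sample is a shortened excerpt of the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Shortened excerpt of the "Authorized Applications List" section of the log
# above, left flattened onto one line the way the forum rendered it.
SAMPLE = (
    r'"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) '
    r'"C:\Windows\Explorer.EXE" = C:\Windows\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) '
    r'"C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe" = C:\Users\Slayerek\AppData\Local\Temp\winxpuum.exe:*:Enabled:ipsec '
    r'"C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe" = C:\Users\Slayerek\AppData\Local\Temp\cxuql.exe:*:Enabled:ipsec '
    r'"C:\Program Files\Intel\WiFi\bin\iwrap.exe" = C:\Program Files\Intel\WiFi\bin\iwrap.exe:*:Enabled:ipsec -- (Intel(R) Corporation) '
    r'"C:\Users\Slayerek\AppData\Local\Temp\winrwjch.exe" = C:\Users\Slayerek\AppData\Local\Temp\winrwjch.exe:*:Enabled:ipsec -- () '
    r'"C:\Windows\system32\userinit.exe" = C:\Windows\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation) '
)


class Entry(NamedTuple):
    path: str               # executable the exception applies to
    scope: str              # remote address scope, "*" = any
    status: str             # "Enabled" or "Disabled"
    name: str               # rule label shown in the firewall UI
    company: Optional[str]  # OTL's company annotation; None if absent


# Every entry starts with a quoted drive path, so split just before one.
ENTRY_START = re.compile(r'(?="[A-Za-z]:\\)')
# "key" = value, optionally followed by OTL's " -- (Company)" annotation.
# The company group is greedy so "Intel(R) Corporation" survives intact.
ENTRY = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*?)(?: -- \((?P<company>.*)\))?\s*$')


def parse_authorized_apps(text: str) -> List[Entry]:
    """Parse OTL 'Authorized Applications List' entries from raw log text."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue
        # The value is path:scope:status:name; the path itself contains a
        # drive colon, so split from the right.
        parts = m.group("value").rsplit(":", 3)
        if len(parts) != 4:
            continue
        entries.append(Entry(*parts, company=m.group("company")))
    return entries


def in_user_temp(path: str) -> bool:
    """True for executables under a per-user Temp directory."""
    return "\\appdata\\local\\temp\\" in path.lower()


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (enabled exceptions for Temp executables,
    other entries that reuse a rule label seen on those Temp entries)."""
    temp = [e for e in entries if in_user_temp(e.path) and e.status == "Enabled"]
    labels = {e.name for e in temp}
    same_label = [e for e in entries
                  if not in_user_temp(e.path) and e.name in labels]
    return temp, same_label


if __name__ == "__main__":
    temp, same_label = triage(parse_authorized_apps(SAMPLE))
    print("Firewall exceptions for executables in Temp:")
    for e in temp:
        print("  ", e.path, "| company:", e.company or "(none)")
    print("Other entries with the same rule label (review and re-create if needed):")
    for e in same_label:
        print("  ", e.path, "| label:", e.name)
```

Entries in the second group point at legitimate binaries, so they are candidates for review rather than deletion of the file itself.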