thoro1612 utworzono 11 stycznia 2013 utworzono 11 stycznia 2013 Witam. Mam problem mój procesor pracuje caly czas w 100%. Ewidentnie obciaza go pewien proces " A-130659735.exe " w 97 % Prosze o pomoc . Link do screena menadzera http://pics.tinypic.pl/i/00232/97deesgevm73.png
cubeaim komentarz 11 stycznia 2013 komentarz 11 stycznia 2013 A jaki to procesor? Model możesz podać?
thoro1612 komentarz 11 stycznia 2013 Autor komentarz 11 stycznia 2013 (edytowane) AMD athlon 64 processor 3800+ 2.41 ghz
Witek_21 komentarz 11 stycznia 2013 komentarz 11 stycznia 2013 Wrzuć logi z OTL i daj screena msconfigu z zakładki uruchamianie.
thoro1612 komentarz 11 stycznia 2013 Autor komentarz 11 stycznia 2013 LOGI OTL [log]OTL logfile created on: 2013-01-11 12:49:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zowada\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,51% Memory free 4,00 Gb Paging File | 2,49 Gb Available in Paging File | 62,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 118,91 Gb Free Space | 79,83% Space Free | Partition Type: NTFS Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (All) ========== PRC - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe PRC - [2013-01-11 12:16:22 | 000,151,696 | ---- | M] (Symantec Corporation) -- C:\Users\Zowada\Downloads\FxSasser.exe PRC - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013-01-10 23:13:05 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe PRC - [2012-10-29 14:33:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012-10-29 13:53:15 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe PRC - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2008-09-24 15:43:36 | 003,862,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe ========== Modules (All) ========== MOD - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe MOD - [2013-01-11 12:16:22 | 000,151,696 | ---- | M] (Symantec Corporation) -- C:\Users\Zowada\Downloads\FxSasser.exe MOD - [2013-01-10 23:13:06 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013-01-10 23:13:06 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013-01-10 23:13:06 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013-01-10 23:13:05 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013-01-10 23:13:05 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-01-10 23:13:05 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013-01-10 23:13:05 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013-01-10 23:13:05 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013-01-10 23:13:05 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013-01-10 23:13:05 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013-01-10 23:13:05 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - [2013-01-10 23:13:05 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013-01-10 23:13:05 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013-01-10 23:13:05 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013-01-10 23:13:05 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013-01-10 23:13:05 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013-01-10 23:13:05 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013-01-10 23:13:05 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2013-01-10 23:13:05 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MOD - [2012-10-29 14:33:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe MOD - [2012-10-29 14:33:52 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012-10-29 13:53:15 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe MOD - [2012-10-29 13:53:15 | 000,466,944 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smwdmif.dll MOD - [2012-10-24 18:48:46 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012-10-24 18:48:46 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012-09-28 02:43:28 | 000,935,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2012-09-28 02:39:36 | 006,536,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2012-09-28 02:11:16 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-07-14 02:16:21 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2009-07-14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009-07-14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2009-07-14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009-07-14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2009-07-14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - [2009-07-14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009-07-14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll MOD - [2009-07-14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll MOD - [2009-07-14 02:16:13 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009-07-14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2009-07-14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009-07-14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll MOD - [2009-07-14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2009-07-14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009-07-14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll MOD - [2009-07-14 02:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-07-14 02:15:41 | 000,392,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MPCLIENT.DLL MOD - [2009-07-14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009-07-14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll MOD - [2009-07-14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009-07-14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009-07-14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2009-07-14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2009-07-14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009-07-14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2009-07-14 02:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2009-07-14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009-07-14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009-07-14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009-07-14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll MOD - [2009-07-14 02:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 02:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2009-07-14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009-07-14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2009-07-14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009-07-14 02:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2009-07-14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009-07-14 02:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2009-07-14 02:15:07 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009-07-14 02:15:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009-07-14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009-07-14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 02:14:08 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2009-07-14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-07-14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll MOD - [2009-06-10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll MOD - [2008-12-10 13:26:58 | 000,060,928 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysWOW64\SFFXComm.dll MOD - [2008-09-24 15:43:36 | 003,862,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe ========== Services (SafeList) ========== SRV:64bit: - [2012-10-29 13:53:14 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2012-09-28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-10 23:13:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-09 21:29:59 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-10-29 13:53:14 | 000,473,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE - HKLM\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bigseekpro.com/search/browser/shark007sfreecodecsolutions/{87DF9B4F-6F2E-44EC-B420-6AF571B90B9B}?q={searchTerms} IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Funmoods" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-29 12:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Extensions [2012-11-21 20:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions [2012-10-29 13:39:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com [2012-10-29 13:39:38 | 000,002,339 | ---- | M] () -- C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml [2013-01-10 23:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Akamai NetSession Interface] "C:\Users\Zowada\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\RunOnce: [A-130659735] C:\Users\Zowada\AppData\Roaming\A-130659735.exe () O4 - Startup: C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982DBE29-4658-491A-AA36-5936307286C5}: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013-01-10 23:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-01-10 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hop [2013-01-10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013-01-10 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 8.6 [2013-01-10 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG 8.6 [2013-01-10 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder (2) [2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia Auto [2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Auto [2013-01-10 10:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto [2013-01-09 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013-01-09 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013-01-09 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013-01-08 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hh [2013-01-05 15:26:04 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\56 min [2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\DC++ [2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\DC++ [2013-01-04 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC++ [2012-12-30 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\OtLand [2012-12-30 22:42:33 | 000,148,992 | ---- | C] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe [2012-12-22 13:43:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\ato zdj [2012-12-21 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\auto [2012-12-20 10:29:05 | 004,891,136 | ---- | C] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak [2012-12-09 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Documents\samsung [2012-12-09 00:58:57 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2012-12-09 00:58:57 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys [2012-12-09 00:58:57 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2012-12-09 00:58:57 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys [2012-12-09 00:58:57 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2012-12-09 00:58:57 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys [2012-12-09 00:58:56 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2012-12-09 00:58:56 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys [2012-12-09 00:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012-12-09 00:57:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012-12-09 00:57:21 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2012-12-09 00:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012-12-09 00:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2012-12-09 00:52:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\Downloaded Installations [2012-12-05 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\muza [2012-12-01 19:08:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder [2012-11-30 11:05:57 | 000,000,000 | -HSD | C] -- C:\found.000 [2012-11-28 14:17:24 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012-11-28 14:17:24 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012-11-28 14:17:18 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax [2012-11-28 14:17:18 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll [2012-11-28 14:17:18 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll [2012-11-28 14:17:18 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax [2012-11-28 14:17:18 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll [2012-11-28 14:17:18 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll [2012-11-28 14:17:18 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe [2012-11-28 14:17:18 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll [2012-11-28 14:17:18 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll [2012-11-28 14:17:18 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax [2012-11-28 14:17:18 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax [2012-11-28 14:17:18 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll [2012-11-28 14:17:18 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax [2012-11-28 14:17:18 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll [2012-11-28 14:17:18 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll [2012-11-28 14:17:18 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll [2012-11-28 14:17:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll [2012-11-28 14:17:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll [2012-11-28 14:17:18 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll [2012-11-28 14:17:18 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe [2012-11-19 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\mp3DirectCut [2012-11-19 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2012-11-12 16:11:38 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Tibia [2012-11-12 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia [2012-11-12 16:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia [2012-11-12 16:10:28 | 000,000,000 | R--D | C] -- C:\Users\Zowada\Documents\Notes ========== Files - Modified Within 60 Days ========== [2013-01-11 13:03:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-11 13:03:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-11 12:54:57 | 000,160,244 | ---- | M] () -- C:\Users\Zowada\Desktop\zakladka uruchamiane.png [2013-01-11 12:53:09 | 000,002,981 | ---- | M] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk [2013-01-11 12:26:24 | 000,274,218 | ---- | M] () -- C:\Users\Zowada\Desktop\100 % procek.png [2013-01-11 06:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-10 21:02:06 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-01-10 21:02:06 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-01-10 21:02:06 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-01-10 21:02:06 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-01-10 21:02:06 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-01-10 20:53:57 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys [2013-01-10 14:35:14 | 000,000,962 | ---- | M] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk [2013-01-10 10:07:33 | 000,001,914 | ---- | M] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk [2013-01-09 20:27:26 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-03 19:52:30 | 001,460,514 | ---- | M] () -- C:\Users\Zowada\Desktop\mata wzory.jpg [2013-01-02 08:53:48 | 001,447,773 | ---- | M] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg [2012-12-31 12:09:44 | 196,511,988 | ---- | M] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3 [2012-12-30 22:42:43 | 000,148,992 | ---- | M] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe [2012-12-26 20:32:57 | 000,002,884 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf [2012-12-23 20:47:57 | 014,727,113 | ---- | M] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3 [2012-12-21 11:49:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012-12-20 10:35:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2012-12-20 10:33:35 | 019,587,072 | ---- | M] () -- C:\ProgramData\Tibia_spr.bak [2012-12-20 10:33:15 | 000,820,802 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak [2012-12-20 10:29:07 | 004,891,136 | ---- | M] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak [2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe [2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe [2012-12-09 17:58:54 | 003,888,054 | ---- | M] () -- C:\Users\Zowada\Desktop\Nowy obraz mapy bitowej.bmp [2012-12-05 11:09:49 | 000,001,267 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rar [2012-12-03 23:42:30 | 000,004,544 | ---- | M] () -- C:\Users\Zowada\Desktop\NHH4EKFQ.jnt [2012-11-28 14:18:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012-11-28 14:17:24 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012-11-28 14:17:24 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012-11-28 14:17:24 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe [2012-11-28 14:17:18 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-11-28 14:17:18 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax [2012-11-28 14:17:18 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll [2012-11-28 14:17:18 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll [2012-11-28 14:17:18 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax [2012-11-28 14:17:18 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll [2012-11-28 14:17:18 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll [2012-11-28 14:17:18 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe [2012-11-28 14:17:18 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll [2012-11-28 14:17:18 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\3DAudio.ax [2012-11-28 14:17:18 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll [2012-11-28 14:17:18 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax [2012-11-28 14:17:18 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax [2012-11-28 14:17:18 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll [2012-11-28 14:17:18 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax [2012-11-28 14:17:18 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-11-28 14:17:18 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-11-28 14:17:18 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll [2012-11-28 14:17:18 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll [2012-11-28 14:17:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll [2012-11-28 14:17:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll [2012-11-28 14:17:18 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll [2012-11-28 14:17:18 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe [2012-11-28 14:17:06 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2012-11-19 14:00:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-11-19 13:51:14 | 000,001,059 | ---- | M] () -- C:\Users\Zowada\Desktop\mp3DirectCut.lnk [2012-11-12 16:11:07 | 000,006,058 | ---- | M] () -- C:\Users\Zowada\Desktop\Nowy dokument dziennika.jnt ========== Files Created - No Company Name ========== [2013-01-11 12:54:57 | 000,160,244 | ---- | C] () -- C:\Users\Zowada\Desktop\zakladka uruchamiane.png [2013-01-11 12:53:09 | 000,002,981 | ---- | C] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk [2013-01-11 12:26:24 | 000,274,218 | ---- | C] () -- C:\Users\Zowada\Desktop\100 % procek.png [2013-01-10 14:35:19 | 002,211,146 | RHS- | C] () -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe [2013-01-10 14:35:19 | 002,211,146 | RHS- | C] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe [2013-01-10 14:35:14 | 000,000,962 | ---- | C] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk [2013-01-10 10:07:33 | 000,001,914 | ---- | C] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk [2013-01-09 20:27:26 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-03 19:52:04 | 001,460,514 | ---- | C] () -- C:\Users\Zowada\Desktop\mata wzory.jpg [2013-01-02 08:53:55 | 001,447,773 | ---- | C] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg [2012-12-31 11:59:17 | 196,511,988 | ---- | C] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3 [2012-12-23 20:45:47 | 014,727,113 | ---- | C] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3 [2012-12-21 11:49:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012-12-20 10:13:49 | 019,587,072 | ---- | C] () -- C:\ProgramData\Tibia_spr.bak [2012-12-20 10:13:46 | 000,820,802 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak [2012-12-09 17:58:28 | 003,888,054 | ---- | C] () -- C:\Users\Zowada\Desktop\Nowy obraz mapy bitowej.bmp [2012-12-05 11:09:49 | 000,001,267 | ---- | C] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rar [2012-12-03 23:42:30 | 000,004,544 | ---- | C] () -- C:\Users\Zowada\Desktop\NHH4EKFQ.jnt [2012-12-01 18:45:08 | 000,002,884 | ---- | C] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf [2012-11-28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012-11-28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-11-28 14:17:18 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\3DAudio.ax [2012-11-28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-11-28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-11-19 14:00:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-11-19 13:51:14 | 000,001,059 | ---- | C] () -- C:\Users\Zowada\Desktop\mp3DirectCut.lnk [2012-11-12 16:11:34 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk [2012-11-12 16:08:56 | 000,006,058 | ---- | C] () -- C:\Users\Zowada\Desktop\Nowy dokument dziennika.jnt [2012-10-29 14:26:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe [2012-10-29 13:39:33 | 000,290,500 | ---- | C] () -- C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx [2012-10-29 13:39:32 | 000,031,465 | ---- | C] () -- C:\Users\Zowada\AppData\Local\funmoods.crx [2012-10-29 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-09-06 12:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2012-07-03 02:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-06-10 01:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-05-22 00:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011-12-08 05:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-01-04 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\DC++ [2012-10-29 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\LolClient [2012-11-19 13:59:18 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\mp3DirectCut [2013-01-10 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\Tibia [2012-11-04 23:56:45 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\TS3Client [2012-10-29 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\Win7codecs ========== Purity Check ========== < End of report > [/log] Hijackthis [log] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:11:34, on 2013-01-11 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Users\Zowada\Downloads\FxSasser.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Zowada\Downloads\OTL.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zowada\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\RunOnce: [A-130659735] "C:\Users\Zowada\AppData\Roaming\A-130659735.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Startup: A-130659735.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6705 bytes [/log] Zakladka Uruchamiane zdjecie http://www.tinypic.pl/u3qahmqlm52j
Natsuki Kuga komentarz 11 stycznia 2013 komentarz 11 stycznia 2013 Sprawca całego zamieszania: C:\Users\Zowada\Desktop\ElfBot NG.lnk Albo zaprzestaniesz używania ElfBota, albo infekcja nadal będzie się nawracać.1. Do OTL wklej: [spoiler] :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=942513107 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=942513107 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://searchfunmood...yE&cr=942513107 FF - prefs.js..browser.search.defaultenginename: "Funmoods" FF - prefs.js..browser.startup.homepage: "http://searchfunmood...E&cr=942513107" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://searchfunmood...r=942513107&q=" [2012-10-29 13:39:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com [2012-10-29 13:39:38 | 000,002,339 | ---- | M] () -- C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\RunOnce: [A-130659735] C:\Users\Zowada\AppData\Roaming\A-130659735.exe () O4 - Startup: C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe () :Files C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx C:\Users\Zowada\AppData\Local\funmoods.crx [/spoiler]Wykonaj skrypt, pokaż raport.2. Użyj AdwCleaner z opcji Delete. Pokaż raport.3. Po wykonaniu wszystkiego zaprezentuj nowy log z OTL (wraz z Extras!), oraz log z RSIT (instrukcja w przyklejonych).
thoro1612 komentarz 13 stycznia 2013 Autor komentarz 13 stycznia 2013 OTL [log] ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found. Prefs.js: "Funmoods" removed from browser.search.defaultenginename Prefs.js: "http://searchfunmood...E&cr=942513107" removed from browser.startup.homepage Prefs.js: ffxtlbr%40funmoods.com:1.5.1 removed from extensions.enabledAddons Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 removed from extensions.enabledAddons Prefs.js: "http://searchfunmood...r=942513107&q=" removed from keyword.URL C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com folder moved successfully. C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found. File C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ not found. File C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll not found. Registry value HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\A-130659735 deleted successfully. C:\Users\Zowada\AppData\Roaming\A-130659735.exe moved successfully. C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe moved successfully. ========== FILES ========== C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx moved successfully. C:\Users\Zowada\AppData\Local\funmoods.crx moved successfully. OTL by OldTimer - Version 3.2.69.0 log created on 01132013_101253 [/log] ADW CLEANER [log] # AdwCleaner v2.105 - Log utworzony 13/01/2013 o 10:17:35 # Aktualizacja 08/01/2013 przez Xplode # System operacyjny : Windows 7 Ultimate (64 bits) # Użytkownik : Zowada - ZOWADA-KOMPUTER # Tryb uruchomienia : Normalny # Ścieżka : C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Plik Usunięto : C:\Users\Zowada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage Usunięto po restarcie : C:\Users\Zowada\AppData\LocalLow\Funmoods Usunięto po restarcie : C:\Users\Zowada\AppData\LocalLow\Toolbar4 ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\Funmoods Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Rejestr w porządku. -\\ Mozilla Firefox v18.0 (pl) Plik : C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default\prefs.js C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default\user.js ... Usunięto ! Usunięto : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN[...] Usunięto : user_pref("extensions.funmoods.aflt", "iron2"); Usunięto : user_pref("extensions.funmoods.autoRvrt", false); Usunięto : user_pref("extensions.funmoods.dfltLng", ""); Usunięto : user_pref("extensions.funmoods.dfltSrch", true); Usunięto : user_pref("extensions.funmoods.dnsErr", true); Usunięto : user_pref("extensions.funmoods.envrmnt", "production"); Usunięto : user_pref("extensions.funmoods.excTlbr", false); Usunięto : user_pref("extensions.funmoods.hmpg", true); Usunięto : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[...] Usunięto : user_pref("extensions.funmoods.id", "0018F3F4E68A791E"); Usunięto : user_pref("extensions.funmoods.instlDay", "15642"); Usunięto : user_pref("extensions.funmoods.instlRef", "iron2"); Usunięto : user_pref("extensions.funmoods.isdcmntcmplt", true); Usunięto : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Usunięto : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...] Usunięto : user_pref("extensions.funmoods.prdct", "funmoods"); Usunięto : user_pref("extensions.funmoods.prtnrId", "funmoods"); Usunięto : user_pref("extensions.funmoods.srchPrvdr", "Search"); Usunięto : user_pref("extensions.funmoods.tlbrId", "base"); Usunięto : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[...] Usunięto : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Usunięto : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Usunięto : user_pref("extensions.funmoods_i.newTab", true); Usunięto : user_pref("extensions.funmoods_i.smplGrp", "none"); Usunięto : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:39:29"); ************************* AdwCleaner[S1].txt - [5918 octets] - [13/01/2013 10:17:35] ########## EOF - C:\AdwCleaner[S1].txt - [5978 octets] ########## [/log] OTL SCAN+ EXTRAS [log] OTL logfile created on: 2013-01-13 10:25:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zowada\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,53% Memory free 4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 119,56 Gb Free Space | 80,27% Space Free | Partition Type: NTFS Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (All) ========== PRC - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe PRC - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (All) ========== MOD - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe MOD - [2013-01-10 23:13:06 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013-01-10 23:13:06 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013-01-10 23:13:06 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013-01-10 23:13:05 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013-01-10 23:13:05 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-01-10 23:13:05 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013-01-10 23:13:05 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013-01-10 23:13:05 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013-01-10 23:13:05 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013-01-10 23:13:05 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013-01-10 23:13:05 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - [2013-01-10 23:13:05 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013-01-10 23:13:05 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013-01-10 23:13:05 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013-01-10 23:13:05 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013-01-10 23:13:05 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013-01-10 23:13:05 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013-01-10 23:13:05 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2012-10-24 18:48:46 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012-10-24 18:48:46 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012-09-28 02:43:28 | 000,935,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2012-09-28 02:39:36 | 006,536,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2012-09-28 02:11:16 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-07-14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2009-07-14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009-07-14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2009-07-14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009-07-14 02:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-07-14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009-07-14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2009-07-14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009-07-14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009-07-14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009-07-14 02:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 02:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 02:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2009-07-14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009-07-14 02:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009-07-14 02:15:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Services (SafeList) ========== SRV:64bit: - [2012-10-29 13:53:14 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2012-09-28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-10 23:13:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-09 21:29:59 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-10-29 13:53:14 | 000,473,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bigseekpro.com/search/browser/shark007sfreecodecsolutions/{87DF9B4F-6F2E-44EC-B420-6AF571B90B9B}?q={searchTerms} IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-29 12:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Extensions [2013-01-13 10:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions [2013-01-10 23:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-01-10 23:13:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2013-01-10 23:13:05 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982DBE29-4658-491A-AA36-5936307286C5}: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-01-13 10:12:53 | 000,000,000 | ---D | C] -- C:\_OTL [2013-01-12 10:19:06 | 000,379,056 | ---- | C] (Softonic) -- C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe [2013-01-11 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\skany [2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013-01-10 23:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-01-10 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hop [2013-01-10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013-01-10 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 8.6 [2013-01-10 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG 8.6 [2013-01-10 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder (2) [2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia Auto [2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Auto [2013-01-10 10:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto [2013-01-09 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013-01-09 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013-01-09 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013-01-08 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hh [2013-01-05 15:26:04 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\56 min [2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\DC++ [2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\DC++ [2013-01-04 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC++ [2012-12-30 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\OtLand [2012-12-30 22:42:33 | 000,148,992 | ---- | C] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe [2012-12-22 13:43:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\ato zdj [2012-12-21 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\auto [2012-12-20 10:29:05 | 004,891,136 | ---- | C] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak ========== Files - Modified Within 30 Days ========== [2013-01-13 10:26:52 | 000,781,383 | ---- | M] () -- C:\Users\Zowada\Desktop\RSIT.exe [2013-01-13 10:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-13 10:22:27 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys [2013-01-13 10:15:48 | 000,554,087 | ---- | M] () -- C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe [2013-01-13 01:26:59 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-01-13 01:26:59 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-01-13 01:26:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-01-13 01:26:59 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-01-13 01:26:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-01-12 12:18:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-12 12:18:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-12 10:19:23 | 000,379,056 | ---- | M] (Softonic) -- C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe [2013-01-11 15:42:34 | 000,000,368 | ---- | M] () -- C:\Users\Zowada\Desktop\glowny_96.m3u [2013-01-11 12:53:09 | 000,002,981 | ---- | M] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk [2013-01-11 12:26:24 | 000,274,218 | ---- | M] () -- C:\Users\Zowada\Desktop\100 % procek.png [2013-01-10 14:35:14 | 000,000,962 | ---- | M] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk [2013-01-10 10:07:33 | 000,001,914 | ---- | M] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk [2013-01-09 20:27:26 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-03 19:52:30 | 001,460,514 | ---- | M] () -- C:\Users\Zowada\Desktop\mata wzory.jpg [2013-01-02 08:53:48 | 001,447,773 | ---- | M] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg [2012-12-31 12:09:44 | 196,511,988 | ---- | M] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3 [2012-12-30 22:42:43 | 000,148,992 | ---- | M] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe [2012-12-26 20:32:57 | 000,002,884 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf [2012-12-23 20:47:57 | 014,727,113 | ---- | M] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3 [2012-12-21 11:49:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012-12-20 10:35:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2012-12-20 10:33:35 | 019,587,072 | ---- | M] () -- C:\ProgramData\Tibia_spr.bak [2012-12-20 10:33:15 | 000,820,802 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak [2012-12-20 10:29:07 | 004,891,136 | ---- | M] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak ========== Files Created - No Company Name ========== [2013-01-13 10:26:43 | 000,781,383 | ---- | C] () -- C:\Users\Zowada\Desktop\RSIT.exe [2013-01-13 10:15:16 | 000,554,087 | ---- | C] () -- C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe [2013-01-11 15:42:32 | 000,000,368 | ---- | C] () -- C:\Users\Zowada\Desktop\glowny_96.m3u [2013-01-11 12:53:09 | 000,002,981 | ---- | C] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk [2013-01-11 12:26:24 | 000,274,218 | ---- | C] () -- C:\Users\Zowada\Desktop\100 % procek.png [2013-01-10 14:35:14 | 000,000,962 | ---- | C] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk [2013-01-10 10:07:33 | 000,001,914 | ---- | C] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk [2013-01-09 20:27:26 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-03 19:52:04 | 001,460,514 | ---- | C] () -- C:\Users\Zowada\Desktop\mata wzory.jpg [2013-01-02 08:53:55 | 001,447,773 | ---- | C] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg [2012-12-31 11:59:17 | 196,511,988 | ---- | C] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3 [2012-12-23 20:45:47 | 014,727,113 | ---- | C] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3 [2012-12-21 11:49:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012-12-20 10:13:49 | 019,587,072 | ---- | C] () -- C:\ProgramData\Tibia_spr.bak [2012-12-20 10:13:46 | 000,820,802 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak [2012-11-28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012-11-28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-11-28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-11-28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-11-28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-10-29 14:26:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe [2012-10-29 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-09-06 12:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2012-07-03 02:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-06-10 01:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-05-22 00:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011-12-08 05:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/log] extras [log] OTL Extras logfile created on: 2013-01-13 10:25:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zowada\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,53% Memory free 4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 119,56 Gb Free Space | 80,27% Space Free | Partition Type: NTFS Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (All) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CBF58C0-76BC-4EF1-9EE1-6BCB254CB674}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2592E300-19DC-49D6-A7C8-C3EE9851CC8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{28F4544F-31EF-4C9B-BA73-FD043CD7CD2B}" = rport=137 | protocol=17 | dir=out | app=system | "{2ACD9BF8-A427-4BE0-8E92-9E8AEADF9BDC}" = lport=137 | protocol=17 | dir=in | app=system | "{33D62B04-D26F-43D6-8673-0BBF569DD399}" = lport=445 | protocol=6 | dir=in | app=system | "{37B3FFF1-C1CC-4FB4-A20C-CE2381EEF612}" = rport=139 | protocol=6 | dir=out | app=system | "{51FF228B-2982-42EC-8961-B26AE373BA74}" = lport=139 | protocol=6 | dir=in | app=system | "{54F4FA4F-0C7C-4D81-8F35-9A6A528F0194}" = lport=58281 | protocol=17 | dir=in | name=pando media booster | "{6896AAB7-1D19-4B36-9AA3-5D49575DB0CA}" = rport=445 | protocol=6 | dir=out | app=system | "{774B57DD-4221-4C2B-9756-E4CC5F38B623}" = lport=58281 | protocol=6 | dir=in | name=pando media booster | "{8A2F4587-F407-4611-B4A7-10B8B351FEB1}" = lport=58281 | protocol=17 | dir=in | name=pando media booster | "{90476681-7575-4753-AEB5-3E879A44774E}" = lport=138 | protocol=17 | dir=in | app=system | "{A75B9307-6A83-4A5B-B165-807FFEAC0D55}" = lport=58281 | protocol=6 | dir=in | name=pando media booster | "{CFDF15CB-15D4-405B-A325-87B589113393}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E2119640-308E-47B7-9AC6-CEAC12983883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F1E0E7BE-D5A2-4B96-BAD5-231F185D793F}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D18CA71-0B92-40C1-B083-2306307B6FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{14907769-BFCE-445D-967C-8A2B832F9A90}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F222838-5869-4E59-AD7F-40503E38ED87}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4BB850A7-84A7-4F24-9E90-777B8059A3EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{55FC5082-E2A5-44AD-9676-27CB2C1619DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7110D3DA-BB03-4039-9428-F81A95EFE1A9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{76E5E481-5922-44FC-8CD4-6E361E895F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7B4ED587-E368-402E-9621-E0DD893728FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8042699D-827E-4C69-9FCB-A2C707A20A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8889ABFE-00A0-4AFA-A2BA-ACFF03AA9C5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8FB9AE5A-7443-40F5-9133-19E261EDE9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9AC75B06-EC8A-450D-AE29-9E8F05392D66}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B471AC20-F714-4B85-A3A5-06B5BC2B028A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D139AAF5-F676-4F85-B1DE-DC76ED007198}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D92BC90E-4313-436D-A9E3-10771FE6C7DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DC17535D-8B8B-4ED1-97FD-C18C9D1A4BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FE3CBC87-AA06-46A7-A762-19E172055E60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{47C22F64-26AB-4280-A1D1-CA597328EBE1}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "TCP Query User{7D96141D-A3DA-4D3B-935A-C32D02273990}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "TCP Query User{83A07A57-B94E-468F-89B8-63A47B12F531}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe | "TCP Query User{8D5A7BFC-2DB7-4737-8735-DD34C92050B7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{A7AAC017-8128-4D9A-802A-FFCCB55B9CE9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{E51D7AB1-CB76-400F-ADA7-A2796B9AE7DA}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe | "UDP Query User{10484CF5-3E2E-4523-8B8C-7B3BF7C546CC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{5BF0B8E0-8357-45B3-AB01-8C655D9FCACF}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | "UDP Query User{6B4B36FC-69C9-4C52-AB8D-0AF2A3C84E1F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{93E4D9BE-B92E-453C-9E3E-274ED8E02833}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe | "UDP Query User{9EF46AD1-D1D2-4FC6-9C9E-A514B65BC97F}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe | "UDP Query User{BA57226E-3EBA-4B39-8A48-BE79476F3F94}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{A44D35BC-F2DF-00E9-79BF-34967DF0E4E8}" = AMD Drag and Drop Transcoding "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DC++" = DC++ 0.802 "ElfBot NG_is1" = ElfBot NG 4.5.9 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Host OpenAL (ADI)" = Host OpenAL (ADI) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.20 (32-bitowy) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2012-12-20 05:33:35 | Computer Name = Zowada-Komputer | Source = Application Hang | ID = 1002 Description = Program Tibia.exe w wersji 9.8.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: ddc Godzina rozpoczęcia: 01cdde95017dcae9 Godzina zakończenia: 35 Ścieżka aplikacji: C:\Program Files (x86)\Tibia\Tibia.exe Identyfikator raportu: 51b3c342-4a88-11e2-b7df-0018f3f4e68a Error - 2013-01-08 02:41:01 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x5065fdea Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5be02b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000000000004d174 Identyfikator procesu powodującego błąd: 0x634 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdeb984940dc5a Ścieżka aplikacji powodującej błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 5da9f6b2-595e-11e2-9c98-0018f3f4e68a Error - 2013-01-11 05:52:35 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x50c998d7 Nazwa modułu powodującego błąd: MFC42.DLL, wersja: 6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00013613 Identyfikator procesu powodującego błąd: 0x334 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdefdf0a8b8bff Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Tibia Auto\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\MFC42.DLL Identyfikator raportu: 9fe55e84-5bd4-11e2-af85-0018f3f4e68a Error - 2013-01-11 05:52:44 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x50c998d7 Nazwa modułu powodującego błąd: MFC42.DLL, wersja: 6.6.8063.0, sygnatura czasowa: 0x4a5bda30 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00013613 Identyfikator procesu powodującego błąd: 0x334 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdefdf0a8b8bff Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Tibia Auto\tibiaauto.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\MFC42.DLL Identyfikator raportu: a4c50b1e-5bd4-11e2-af85-0018f3f4e68a Error - 2013-01-12 05:19:07 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 2013-01-12 05:19:24 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 2013-01-12 05:19:33 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 2013-01-12 05:19:34 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 2013-01-12 05:19:42 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 2013-01-12 05:20:18 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. [ System Events ] Error - 2013-01-09 16:30:08 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Steam Client Service z powodu następującego błędu: %%1053 Error - 2013-01-10 15:53:55 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-01-11 08:50:03 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-01-11 11:03:19 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-01-11 21:50:15 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = DCOM | ID = 10005 Description = Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7038 Description = Usługa upnphost nie może zalogować się jako NT AUTHORITY\LocalService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%1352 Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Host urządzenia UPnP z powodu następującego błędu: %%1069 Error - 2013-01-12 07:10:43 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. Error - 2013-01-13 05:22:27 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego. < End of report > [/log] RSIT [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Zowada at 2013-01-13 10:34:10 Microsoft Windows 7 Ultimate System drive C: has 122 GB (80%) free of 153 GB Total RAM: 2047 MB (46% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:34:12, on 2013-01-13 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Zowada\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Zowada.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 4957 bytes =========Mozilla firefox========= ProfilePath - C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.4.402.287 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] "Description"=This plugin detects and launches Pando Media Booster "Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files (x86)\Mozilla Firefox\searchplugins\ allegro-pl.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.l3pacm"=l3codecp.acm "msacm.aacacm"=AACACM.acm "msacm.lameacm"=lameACM.acm "msacm.ac3acm"=ac3acm.acm "VIDC.LAGS"=lagarith.dll "VIDC.FFDS"=ff_vfw.dll "VIDC.X264"=x264vfw.dll "msacm.ac3filter"=ac3filter.acm "VIDC.MLCY"=mlc.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-01-13 10:26:59 ----D---- C:\rsit 2013-01-13 10:17:35 ----A---- C:\AdwCleaner[S1].txt 2013-01-13 10:12:53 ----D---- C:\_OTL 2013-01-11 12:53:09 ----D---- C:\Program Files (x86)\Trend Micro 2013-01-10 23:12:54 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-01-10 14:39:30 ----D---- C:\ProgramData\TEMP 2013-01-10 14:35:13 ----D---- C:\Program Files (x86)\ElfBot NG 8.6 2013-01-10 10:06:43 ----D---- C:\Program Files (x86)\Tibia Auto 2013-01-09 20:27:25 ----D---- C:\Program Files (x86)\Common Files\Steam 2013-01-09 20:27:21 ----D---- C:\Program Files (x86)\Steam 2013-01-04 12:23:30 ----D---- C:\Users\Zowada\AppData\Roaming\DC++ 2012-12-20 10:29:05 ----A---- C:\ProgramData\Tibia.bak 2012-12-20 10:13:49 ----A---- C:\ProgramData\Tibia_spr.bak 2012-12-20 10:13:46 ----A---- C:\ProgramData\Tibia_dat.bak ======List of files/folders modified in the last 1 month====== 2013-01-13 10:34:11 ----D---- C:\Windows\Temp 2013-01-13 10:31:07 ----D---- C:\Windows\System32 2013-01-13 10:31:07 ----D---- C:\Windows\inf 2013-01-13 10:28:42 ----D---- C:\Windows\Prefetch 2013-01-13 10:22:44 ----D---- C:\Windows 2013-01-11 15:29:26 ----RD---- C:\Program Files (x86) 2013-01-11 13:50:05 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-01-11 12:53:11 ----SHD---- C:\Windows\Installer 2013-01-11 12:53:09 ----SD---- C:\Users\Zowada\AppData\Roaming\Microsoft 2013-01-11 12:52:44 ----SHD---- C:\System Volume Information 2013-01-10 14:47:35 ----D---- C:\Users\Zowada\AppData\Roaming\Tibia 2013-01-10 14:39:30 ----HD---- C:\ProgramData 2013-01-10 11:08:05 ----D---- C:\ProgramData\PMB Files 2013-01-10 10:07:33 ----D---- C:\Program Files (x86)\Tibia 2013-01-09 20:27:25 ----D---- C:\Program Files (x86)\Common Files 2013-01-04 12:18:54 ----D---- C:\Program Files (x86)\DC++ 2012-12-21 11:49:20 ----D---- C:\Windows\ModemLogs ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm62x64.sys [] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [] S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-10 115760] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-09 541760] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF----------------- [/log]
Natsuki Kuga komentarz 14 stycznia 2013 komentarz 14 stycznia 2013 1. Do OTL wklej: [spoiler] :OTL O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found [/spoiler]Wykonaj skrypt.2. Uruchom OTL ponownie i kliknij Sprzątanie, w AdwCleaner kliknij Uninstall.3. Zresetuj foldery Przywracania systemu: Klik4. Użyj TFC. To wszystko.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.