x-kom hosting

Procesor 100%? Wtf wirus ? Pomocy

thoro1612
utworzono
utworzono

Witam.

 

Mam problem mój procesor pracuje caly czas w 100%.

Ewidentnie obciaza go pewien proces "  A-130659735.exe "  w 97 %

Prosze o pomoc .

Link do screena menadzera

 

http://pics.tinypic.pl/i/00232/97deesgevm73.png

cubeaim
komentarz
komentarz

A jaki to procesor? Model możesz podać?

thoro1612
komentarz
komentarz (edytowane)

AMD athlon 64 processor 3800+ 2.41 ghz

Witek_21
komentarz
komentarz

Wrzuć logi z OTL i daj screena msconfigu z zakładki uruchamianie.

thoro1612
komentarz
komentarz

LOGI

 

OTL

 

[log]OTL logfile created on: 2013-01-11 12:49:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zowada\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,51% Memory free
4,00 Gb Paging File | 2,49 Gb Available in Paging File | 62,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 118,91 Gb Free Space | 79,83% Space Free | Partition Type: NTFS
 
Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (All) ==========
 
PRC - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe
PRC - [2013-01-11 12:16:22 | 000,151,696 | ---- | M] (Symantec Corporation) -- C:\Users\Zowada\Downloads\FxSasser.exe
PRC - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-01-10 23:13:05 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe
PRC - [2012-10-29 14:33:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012-10-29 13:53:15 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2008-09-24 15:43:36 | 003,862,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
 
 
========== Modules (All) ==========
 
MOD - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe
MOD - [2013-01-11 12:16:22 | 000,151,696 | ---- | M] (Symantec Corporation) -- C:\Users\Zowada\Downloads\FxSasser.exe
MOD - [2013-01-10 23:13:06 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MOD - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2013-01-10 23:13:06 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MOD - [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MOD - [2013-01-10 23:13:06 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MOD - [2013-01-10 23:13:05 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll
MOD - [2013-01-10 23:13:05 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-01-10 23:13:05 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MOD - [2013-01-10 23:13:05 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MOD - [2013-01-10 23:13:05 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MOD - [2013-01-10 23:13:05 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MOD - [2013-01-10 23:13:05 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MOD - [2013-01-10 23:13:05 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MOD - [2013-01-10 23:13:05 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MOD - [2013-01-10 23:13:05 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MOD - [2013-01-10 23:13:05 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MOD - [2013-01-10 23:13:05 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MOD - [2013-01-10 23:13:05 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MOD - [2013-01-10 23:13:05 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MOD - [2013-01-10 23:13:05 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MOD - [2013-01-10 23:13:05 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MOD - [2012-10-29 14:33:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
MOD - [2012-10-29 14:33:52 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012-10-29 13:53:15 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MOD - [2012-10-29 13:53:15 | 000,466,944 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smwdmif.dll
MOD - [2012-10-24 18:48:46 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll
MOD - [2012-10-24 18:48:46 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll
MOD - [2012-09-28 02:43:28 | 000,935,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll
MOD - [2012-09-28 02:39:36 | 006,536,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll
MOD - [2012-09-28 02:11:16 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll
MOD - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009-07-14 02:16:21 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2009-07-14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
MOD - [2009-07-14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009-07-14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009-07-14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009-07-14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009-07-14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009-07-14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll
MOD - [2009-07-14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009-07-14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009-07-14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009-07-14 02:16:13 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009-07-14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009-07-14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2009-07-14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009-07-14 02:16:12 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2009-07-14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009-07-14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009-07-14 02:15:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2009-07-14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009-07-14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009-07-14 02:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009-07-14 02:15:41 | 000,392,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MPCLIENT.DLL
MOD - [2009-07-14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009-07-14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll
MOD - [2009-07-14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009-07-14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll
MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll
MOD - [2009-07-14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009-07-14 02:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
MOD - [2009-07-14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2009-07-14 02:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009-07-14 02:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll
MOD - [2009-07-14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll
MOD - [2009-07-14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2009-07-14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009-07-14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2009-07-14 02:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009-07-14 02:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2009-07-14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009-07-14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll
MOD - [2009-07-14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009-07-14 02:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009-07-14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
MOD - [2009-07-14 02:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2009-07-14 02:15:07 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
MOD - [2009-07-14 02:15:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009-07-14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009-07-14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll
MOD - [2009-07-14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009-07-14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009-07-14 02:14:08 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv
MOD - [2009-07-14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv
MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009-07-14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009-06-10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2008-12-10 13:26:58 | 000,060,928 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysWOW64\SFFXComm.dll
MOD - [2008-09-24 15:43:36 | 003,862,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012-10-29 13:53:14 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2012-09-28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-10 23:13:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 21:29:59 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012-10-29 13:53:14 | 000,473,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE - HKLM\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bigseekpro.com/search/browser/shark007sfreecodecsolutions/{87DF9B4F-6F2E-44EC-B420-6AF571B90B9B}?q={searchTerms}
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-10-29 12:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Extensions
[2012-11-21 20:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions
[2012-10-29 13:39:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com
[2012-10-29 13:39:38 | 000,002,339 | ---- | M] () -- C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml
[2013-01-10 23:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Akamai NetSession Interface] "C:\Users\Zowada\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\RunOnce: [A-130659735] C:\Users\Zowada\AppData\Roaming\A-130659735.exe ()
O4 - Startup: C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982DBE29-4658-491A-AA36-5936307286C5}: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013-01-10 23:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-01-10 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hop
[2013-01-10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013-01-10 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 8.6
[2013-01-10 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG 8.6
[2013-01-10 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder (2)
[2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia Auto
[2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Auto
[2013-01-10 10:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto
[2013-01-09 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013-01-09 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013-01-09 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013-01-08 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hh
[2013-01-05 15:26:04 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\56 min
[2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\DC++
[2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\DC++
[2013-01-04 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC++
[2012-12-30 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\OtLand
[2012-12-30 22:42:33 | 000,148,992 | ---- | C] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe
[2012-12-22 13:43:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\ato zdj
[2012-12-21 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\auto
[2012-12-20 10:29:05 | 004,891,136 | ---- | C] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak
[2012-12-09 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Documents\samsung
[2012-12-09 00:58:57 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012-12-09 00:58:57 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012-12-09 00:58:57 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012-12-09 00:58:57 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012-12-09 00:58:57 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012-12-09 00:58:57 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012-12-09 00:58:56 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012-12-09 00:58:56 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012-12-09 00:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012-12-09 00:57:36 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012-12-09 00:57:21 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012-12-09 00:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012-12-09 00:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012-12-09 00:52:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\Downloaded Installations
[2012-12-05 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\muza
[2012-12-01 19:08:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder
[2012-11-30 11:05:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2012-11-28 14:17:24 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012-11-28 14:17:24 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012-11-28 14:17:18 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2012-11-28 14:17:18 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2012-11-28 14:17:18 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2012-11-28 14:17:18 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2012-11-28 14:17:18 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2012-11-28 14:17:18 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2012-11-28 14:17:18 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2012-11-28 14:17:18 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2012-11-28 14:17:18 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2012-11-28 14:17:18 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2012-11-28 14:17:18 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2012-11-28 14:17:18 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2012-11-28 14:17:18 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2012-11-28 14:17:18 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2012-11-28 14:17:18 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2012-11-28 14:17:18 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
[2012-11-28 14:17:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2012-11-28 14:17:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2012-11-28 14:17:18 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2012-11-28 14:17:18 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
[2012-11-19 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\mp3DirectCut
[2012-11-19 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2012-11-12 16:11:38 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Tibia
[2012-11-12 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2012-11-12 16:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia
[2012-11-12 16:10:28 | 000,000,000 | R--D | C] -- C:\Users\Zowada\Documents\Notes
 
========== Files - Modified Within 60 Days ==========
 
[2013-01-11 13:03:25 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-11 13:03:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-11 12:54:57 | 000,160,244 | ---- | M] () -- C:\Users\Zowada\Desktop\zakladka uruchamiane.png
[2013-01-11 12:53:09 | 000,002,981 | ---- | M] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk
[2013-01-11 12:26:24 | 000,274,218 | ---- | M] () -- C:\Users\Zowada\Desktop\100 % procek.png
[2013-01-11 06:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-10 21:02:06 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-10 21:02:06 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-01-10 21:02:06 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-10 21:02:06 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-01-10 21:02:06 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-10 20:53:57 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-10 14:35:14 | 000,000,962 | ---- | M] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk
[2013-01-10 10:07:33 | 000,001,914 | ---- | M] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk
[2013-01-09 20:27:26 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-03 19:52:30 | 001,460,514 | ---- | M] () -- C:\Users\Zowada\Desktop\mata wzory.jpg
[2013-01-02 08:53:48 | 001,447,773 | ---- | M] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg
[2012-12-31 12:09:44 | 196,511,988 | ---- | M] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3
[2012-12-30 22:42:43 | 000,148,992 | ---- | M] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe
[2012-12-26 20:32:57 | 000,002,884 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf
[2012-12-23 20:47:57 | 014,727,113 | ---- | M] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3
[2012-12-21 11:49:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012-12-20 10:35:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2012-12-20 10:33:35 | 019,587,072 | ---- | M] () -- C:\ProgramData\Tibia_spr.bak
[2012-12-20 10:33:15 | 000,820,802 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak
[2012-12-20 10:29:07 | 004,891,136 | ---- | M] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak
[2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe
[2012-12-19 01:23:25 | 002,211,146 | RHS- | M] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe
[2012-12-09 17:58:54 | 003,888,054 | ---- | M] () -- C:\Users\Zowada\Desktop\Nowy obraz mapy bitowej.bmp
[2012-12-05 11:09:49 | 000,001,267 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rar
[2012-12-03 23:42:30 | 000,004,544 | ---- | M] () -- C:\Users\Zowada\Desktop\NHH4EKFQ.jnt
[2012-11-28 14:18:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012-11-28 14:17:24 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012-11-28 14:17:24 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012-11-28 14:17:24 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2012-11-28 14:17:18 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-11-28 14:17:18 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2012-11-28 14:17:18 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2012-11-28 14:17:18 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2012-11-28 14:17:18 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2012-11-28 14:17:18 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2012-11-28 14:17:18 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2012-11-28 14:17:18 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2012-11-28 14:17:18 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2012-11-28 14:17:18 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\3DAudio.ax
[2012-11-28 14:17:18 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2012-11-28 14:17:18 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2012-11-28 14:17:18 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2012-11-28 14:17:18 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2012-11-28 14:17:18 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2012-11-28 14:17:18 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-11-28 14:17:18 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-11-28 14:17:18 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2012-11-28 14:17:18 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
[2012-11-28 14:17:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2012-11-28 14:17:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2012-11-28 14:17:18 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2012-11-28 14:17:18 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
[2012-11-28 14:17:06 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012-11-19 14:00:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012-11-19 13:51:14 | 000,001,059 | ---- | M] () -- C:\Users\Zowada\Desktop\mp3DirectCut.lnk
[2012-11-12 16:11:07 | 000,006,058 | ---- | M] () -- C:\Users\Zowada\Desktop\Nowy dokument dziennika.jnt
 
========== Files Created - No Company Name ==========
 
[2013-01-11 12:54:57 | 000,160,244 | ---- | C] () -- C:\Users\Zowada\Desktop\zakladka uruchamiane.png
[2013-01-11 12:53:09 | 000,002,981 | ---- | C] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk
[2013-01-11 12:26:24 | 000,274,218 | ---- | C] () -- C:\Users\Zowada\Desktop\100 % procek.png
[2013-01-10 14:35:19 | 002,211,146 | RHS- | C] () -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe
[2013-01-10 14:35:19 | 002,211,146 | RHS- | C] () -- C:\Users\Zowada\AppData\Roaming\A-130659735.exe
[2013-01-10 14:35:14 | 000,000,962 | ---- | C] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk
[2013-01-10 10:07:33 | 000,001,914 | ---- | C] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk
[2013-01-09 20:27:26 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-03 19:52:04 | 001,460,514 | ---- | C] () -- C:\Users\Zowada\Desktop\mata wzory.jpg
[2013-01-02 08:53:55 | 001,447,773 | ---- | C] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg
[2012-12-31 11:59:17 | 196,511,988 | ---- | C] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3
[2012-12-23 20:45:47 | 014,727,113 | ---- | C] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3
[2012-12-21 11:49:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012-12-20 10:13:49 | 019,587,072 | ---- | C] () -- C:\ProgramData\Tibia_spr.bak
[2012-12-20 10:13:46 | 000,820,802 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak
[2012-12-09 17:58:28 | 003,888,054 | ---- | C] () -- C:\Users\Zowada\Desktop\Nowy obraz mapy bitowej.bmp
[2012-12-05 11:09:49 | 000,001,267 | ---- | C] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rar
[2012-12-03 23:42:30 | 000,004,544 | ---- | C] () -- C:\Users\Zowada\Desktop\NHH4EKFQ.jnt
[2012-12-01 18:45:08 | 000,002,884 | ---- | C] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf
[2012-11-28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-11-28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-11-28 14:17:18 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\3DAudio.ax
[2012-11-28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-11-28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-11-19 14:00:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012-11-19 13:51:14 | 000,001,059 | ---- | C] () -- C:\Users\Zowada\Desktop\mp3DirectCut.lnk
[2012-11-12 16:11:34 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk
[2012-11-12 16:08:56 | 000,006,058 | ---- | C] () -- C:\Users\Zowada\Desktop\Nowy dokument dziennika.jnt
[2012-10-29 14:26:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2012-10-29 13:39:33 | 000,290,500 | ---- | C] () -- C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx
[2012-10-29 13:39:32 | 000,031,465 | ---- | C] () -- C:\Users\Zowada\AppData\Local\funmoods.crx
[2012-10-29 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-09-06 12:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012-07-03 02:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-06-10 01:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-05-22 00:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011-12-08 05:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-01-04 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\DC++
[2012-10-29 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\LolClient
[2012-11-19 13:59:18 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\mp3DirectCut
[2013-01-10 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\Tibia
[2012-11-04 23:56:45 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\TS3Client
[2012-10-29 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\Zowada\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 

< End of report >

[/log]

 

 

 

 

Hijackthis

 

 

[log] Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:34, on 2013-01-11
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Users\Zowada\Downloads\FxSasser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Zowada\Downloads\OTL.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0FyE0EyCzz0AyBzytC0EtN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=942513107
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zowada\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [A-130659735] "C:\Users\Zowada\AppData\Roaming\A-130659735.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Startup: A-130659735.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6705 bytes

[/log]

 

Zakladka Uruchamiane zdjecie

http://www.tinypic.pl/u3qahmqlm52j

Natsuki Kuga
komentarz
komentarz

Sprawca całego zamieszania:

C:\Users\Zowada\Desktop\ElfBot NG.lnk

Albo zaprzestaniesz używania ElfBota, albo infekcja nadal będzie się nawracać.

1. Do OTL wklej:
[spoiler]
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=942513107
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=942513107
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=942513107
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://searchfunmood...yE&cr=942513107
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.startup.homepage: "http://searchfunmood...E&cr=942513107"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://searchfunmood...r=942513107&q="
[2012-10-29 13:39:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com
[2012-10-29 13:39:38 | 000,002,339 | ---- | M] () -- C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O4 - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001..\RunOnce: [A-130659735] C:\Users\Zowada\AppData\Roaming\A-130659735.exe ()
O4 - Startup: C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe ()

:Files
C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx
C:\Users\Zowada\AppData\Local\funmoods.crx
[/spoiler]
Wykonaj skrypt, pokaż raport.

2. Użyj AdwCleaner z opcji Delete. Pokaż raport.

3. Po wykonaniu wszystkiego zaprezentuj nowy log z OTL (wraz z Extras!), oraz log z RSIT (instrukcja w przyklejonych).

thoro1612
komentarz
komentarz

OTL

[log] ========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Prefs.js: "Funmoods" removed from browser.search.defaultenginename
Prefs.js: "http://searchfunmood...E&cr=942513107" removed from browser.startup.homepage
Prefs.js: ffxtlbr%40funmoods.com:1.5.1 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 removed from extensions.enabledAddons
Prefs.js: "http://searchfunmood...r=942513107&q=" removed from keyword.URL
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
C:\Users\Zowada\AppData\Roaming\mozilla\firefox\profiles\lfmf86hz.default\searchplugins\Funmoods.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ not found.
File C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ not found.
File C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\A-130659735 deleted successfully.
C:\Users\Zowada\AppData\Roaming\A-130659735.exe moved successfully.
C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A-130659735.exe moved successfully.
========== FILES ==========
C:\Users\Zowada\AppData\Local\funmoods-speeddial_sf.crx moved successfully.
C:\Users\Zowada\AppData\Local\funmoods.crx moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 01132013_101253

[/log]

 

 

ADW CLEANER

[log] # AdwCleaner v2.105 - Log utworzony 13/01/2013 o 10:17:35
# Aktualizacja 08/01/2013 przez Xplode
# System operacyjny : Windows 7 Ultimate  (64 bits)
# Użytkownik : Zowada - ZOWADA-KOMPUTER
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe
# Opcja [Usuń]

***** [Usługi] *****


***** [Pliki / Foldery] *****

Plik Usunięto : C:\Users\Zowada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Usunięto po restarcie : C:\Users\Zowada\AppData\LocalLow\Funmoods
Usunięto po restarcie : C:\Users\Zowada\AppData\LocalLow\Toolbar4

***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\Funmoods
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Klucz Usunięto : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Rejestr w porządku.

-\\ Mozilla Firefox v18.0 (pl)

Plik : C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default\prefs.js

C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default\user.js ... Usunięto !

Usunięto : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN[...]
Usunięto : user_pref("extensions.funmoods.aflt", "iron2");
Usunięto : user_pref("extensions.funmoods.autoRvrt", false);
Usunięto : user_pref("extensions.funmoods.dfltLng", "");
Usunięto : user_pref("extensions.funmoods.dfltSrch", true);
Usunięto : user_pref("extensions.funmoods.dnsErr", true);
Usunięto : user_pref("extensions.funmoods.envrmnt", "production");
Usunięto : user_pref("extensions.funmoods.excTlbr", false);
Usunięto : user_pref("extensions.funmoods.hmpg", true);
Usunięto : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[...]
Usunięto : user_pref("extensions.funmoods.id", "0018F3F4E68A791E");
Usunięto : user_pref("extensions.funmoods.instlDay", "15642");
Usunięto : user_pref("extensions.funmoods.instlRef", "iron2");
Usunięto : user_pref("extensions.funmoods.isdcmntcmplt", true);
Usunięto : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Usunięto : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Usunięto : user_pref("extensions.funmoods.prdct", "funmoods");
Usunięto : user_pref("extensions.funmoods.prtnrId", "funmoods");
Usunięto : user_pref("extensions.funmoods.srchPrvdr", "Search");
Usunięto : user_pref("extensions.funmoods.tlbrId", "base");
Usunięto : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[...]
Usunięto : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Usunięto : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Usunięto : user_pref("extensions.funmoods_i.newTab", true);
Usunięto : user_pref("extensions.funmoods_i.smplGrp", "none");
Usunięto : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:39:29");

*************************

AdwCleaner[S1].txt - [5918 octets] - [13/01/2013 10:17:35]

########## EOF - C:\AdwCleaner[S1].txt - [5978 octets] ##########

[/log]

 

 

OTL SCAN+ EXTRAS

 

[log] OTL logfile created on: 2013-01-13 10:25:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zowada\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,53% Memory free
4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 119,56 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
 
Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (All) ==========
 
PRC - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe
PRC - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (All) ==========
 
MOD - [2013-01-11 12:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zowada\Downloads\OTL.exe
MOD - [2013-01-10 23:13:06 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MOD - [2013-01-10 23:13:06 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2013-01-10 23:13:06 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MOD - [2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MOD - [2013-01-10 23:13:06 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MOD - [2013-01-10 23:13:05 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll
MOD - [2013-01-10 23:13:05 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-01-10 23:13:05 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MOD - [2013-01-10 23:13:05 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MOD - [2013-01-10 23:13:05 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MOD - [2013-01-10 23:13:05 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MOD - [2013-01-10 23:13:05 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MOD - [2013-01-10 23:13:05 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MOD - [2013-01-10 23:13:05 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MOD - [2013-01-10 23:13:05 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MOD - [2013-01-10 23:13:05 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MOD - [2013-01-10 23:13:05 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MOD - [2013-01-10 23:13:05 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MOD - [2013-01-10 23:13:05 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MOD - [2013-01-10 23:13:05 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MOD - [2012-10-24 18:48:46 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll
MOD - [2012-10-24 18:48:46 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll
MOD - [2012-09-28 02:43:28 | 000,935,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll
MOD - [2012-09-28 02:39:36 | 006,536,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll
MOD - [2012-09-28 02:11:16 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll
MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009-07-14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009-07-14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009-07-14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009-07-14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009-07-14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009-07-14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2009-07-14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009-07-14 02:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009-07-14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2009-07-14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009-07-14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2009-07-14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll
MOD - [2009-07-14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2009-07-14 02:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll
MOD - [2009-07-14 02:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009-07-14 02:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009-07-14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
MOD - [2009-07-14 02:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
MOD - [2009-07-14 02:15:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012-10-29 13:53:14 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2012-09-28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-10 23:13:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-09 21:29:59 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012-10-29 13:53:14 | 000,473,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-06-27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012-06-27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012-06-27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2012-06-27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012-06-27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\..\SearchScopes\{2C42CD20-782D-3CD3-383B-05CFE0A60C32}: "URL" = http://www.bigseekpro.com/search/browser/shark007sfreecodecsolutions/{87DF9B4F-6F2E-44EC-B420-6AF571B90B9B}?q={searchTerms}
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2505298437-2081845478-2408882280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-10 23:13:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012-10-29 12:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Extensions
[2013-01-13 10:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zowada\AppData\Roaming\mozilla\Firefox\Profiles\lfmf86hz.default\extensions
[2013-01-10 23:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-01-10 23:13:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-01-10 23:13:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-01-10 23:13:05 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982DBE29-4658-491A-AA36-5936307286C5}: DhcpNameServer = 95.171.192.61 8.8.8.8 95.171.192.7
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-01-13 10:12:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-01-12 10:19:06 | 000,379,056 | ---- | C] (Softonic) -- C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe
[2013-01-11 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\skany
[2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013-01-11 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013-01-10 23:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-01-10 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hop
[2013-01-10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013-01-10 14:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 8.6
[2013-01-10 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG 8.6
[2013-01-10 11:14:36 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\Nowy folder (2)
[2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia Auto
[2013-01-10 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Auto
[2013-01-10 10:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto
[2013-01-09 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013-01-09 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013-01-09 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013-01-08 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\hh
[2013-01-05 15:26:04 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\56 min
[2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\DC++
[2013-01-04 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\DC++
[2013-01-04 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC++
[2012-12-30 22:42:58 | 000,000,000 | ---D | C] -- C:\Users\Zowada\AppData\Local\OtLand
[2012-12-30 22:42:33 | 000,148,992 | ---- | C] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe
[2012-12-22 13:43:07 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\ato zdj
[2012-12-21 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Zowada\Desktop\auto
[2012-12-20 10:29:05 | 004,891,136 | ---- | C] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak
 
========== Files - Modified Within 30 Days ==========
 
[2013-01-13 10:26:52 | 000,781,383 | ---- | M] () -- C:\Users\Zowada\Desktop\RSIT.exe
[2013-01-13 10:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-13 10:22:27 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-13 10:15:48 | 000,554,087 | ---- | M] () -- C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe
[2013-01-13 01:26:59 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-13 01:26:59 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-01-13 01:26:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-13 01:26:59 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-01-13 01:26:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-12 12:18:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-12 12:18:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-12 10:19:23 | 000,379,056 | ---- | M] (Softonic) -- C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe
[2013-01-11 15:42:34 | 000,000,368 | ---- | M] () -- C:\Users\Zowada\Desktop\glowny_96.m3u
[2013-01-11 12:53:09 | 000,002,981 | ---- | M] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk
[2013-01-11 12:26:24 | 000,274,218 | ---- | M] () -- C:\Users\Zowada\Desktop\100 % procek.png
[2013-01-10 14:35:14 | 000,000,962 | ---- | M] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk
[2013-01-10 10:07:33 | 000,001,914 | ---- | M] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk
[2013-01-09 20:27:26 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-03 19:52:30 | 001,460,514 | ---- | M] () -- C:\Users\Zowada\Desktop\mata wzory.jpg
[2013-01-02 08:53:48 | 001,447,773 | ---- | M] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg
[2012-12-31 12:09:44 | 196,511,988 | ---- | M] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3
[2012-12-30 22:42:43 | 000,148,992 | ---- | M] (OtLand) -- C:\Users\Zowada\Desktop\ipchanger.exe
[2012-12-26 20:32:57 | 000,002,884 | ---- | M] () -- C:\Users\Zowada\Desktop\Dawid Zowada.rtf
[2012-12-23 20:47:57 | 014,727,113 | ---- | M] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3
[2012-12-21 11:49:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012-12-20 10:35:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2012-12-20 10:33:35 | 019,587,072 | ---- | M] () -- C:\ProgramData\Tibia_spr.bak
[2012-12-20 10:33:15 | 000,820,802 | ---- | M] () -- C:\ProgramData\Tibia_dat.bak
[2012-12-20 10:29:07 | 004,891,136 | ---- | M] (CipSoft GmbH) -- C:\ProgramData\Tibia.bak
 
========== Files Created - No Company Name ==========
 
[2013-01-13 10:26:43 | 000,781,383 | ---- | C] () -- C:\Users\Zowada\Desktop\RSIT.exe
[2013-01-13 10:15:16 | 000,554,087 | ---- | C] () -- C:\Users\Zowada\Desktop\adwcleaner_www.INSTALKI.pl.exe
[2013-01-11 15:42:32 | 000,000,368 | ---- | C] () -- C:\Users\Zowada\Desktop\glowny_96.m3u
[2013-01-11 12:53:09 | 000,002,981 | ---- | C] () -- C:\Users\Zowada\Desktop\HiJackThis.lnk
[2013-01-11 12:26:24 | 000,274,218 | ---- | C] () -- C:\Users\Zowada\Desktop\100 % procek.png
[2013-01-10 14:35:14 | 000,000,962 | ---- | C] () -- C:\Users\Zowada\Desktop\ElfBot NG.lnk
[2013-01-10 10:07:33 | 000,001,914 | ---- | C] () -- C:\Users\Zowada\Desktop\Tibia Auto.lnk
[2013-01-09 20:27:26 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013-01-03 19:52:04 | 001,460,514 | ---- | C] () -- C:\Users\Zowada\Desktop\mata wzory.jpg
[2013-01-02 08:53:55 | 001,447,773 | ---- | C] () -- C:\Users\Zowada\Desktop\2013-01-02 08.51.39.jpg
[2012-12-31 11:59:17 | 196,511,988 | ---- | C] () -- C:\Users\Zowada\Desktop\Slepak - New Year Pump Mix.mp3
[2012-12-23 20:45:47 | 014,727,113 | ---- | C] () -- C:\Users\Zowada\Desktop\Michael Mind Project - Antiheroes (Extended Mix)[www.PlayAll.lt].mp3
[2012-12-21 11:49:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012-12-20 10:13:49 | 019,587,072 | ---- | C] () -- C:\ProgramData\Tibia_spr.bak
[2012-12-20 10:13:46 | 000,820,802 | ---- | C] () -- C:\ProgramData\Tibia_dat.bak
[2012-11-28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-11-28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-11-28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-11-28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-11-28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-10-29 14:26:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2012-10-29 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-09-28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-09-06 12:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012-07-03 02:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-06-10 01:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-05-22 00:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011-12-08 05:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

[/log]

 

extras

[log] OTL Extras logfile created on: 2013-01-13 10:25:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zowada\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,53% Memory free
4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 119,56 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
 
Computer Name: ZOWADA-KOMPUTER | User Name: Zowada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2505298437-2081845478-2408882280-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF58C0-76BC-4EF1-9EE1-6BCB254CB674}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2592E300-19DC-49D6-A7C8-C3EE9851CC8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{28F4544F-31EF-4C9B-BA73-FD043CD7CD2B}" = rport=137 | protocol=17 | dir=out | app=system |
"{2ACD9BF8-A427-4BE0-8E92-9E8AEADF9BDC}" = lport=137 | protocol=17 | dir=in | app=system |
"{33D62B04-D26F-43D6-8673-0BBF569DD399}" = lport=445 | protocol=6 | dir=in | app=system |
"{37B3FFF1-C1CC-4FB4-A20C-CE2381EEF612}" = rport=139 | protocol=6 | dir=out | app=system |
"{51FF228B-2982-42EC-8961-B26AE373BA74}" = lport=139 | protocol=6 | dir=in | app=system |
"{54F4FA4F-0C7C-4D81-8F35-9A6A528F0194}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{6896AAB7-1D19-4B36-9AA3-5D49575DB0CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{774B57DD-4221-4C2B-9756-E4CC5F38B623}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{8A2F4587-F407-4611-B4A7-10B8B351FEB1}" = lport=58281 | protocol=17 | dir=in | name=pando media booster |
"{90476681-7575-4753-AEB5-3E879A44774E}" = lport=138 | protocol=17 | dir=in | app=system |
"{A75B9307-6A83-4A5B-B165-807FFEAC0D55}" = lport=58281 | protocol=6 | dir=in | name=pando media booster |
"{CFDF15CB-15D4-405B-A325-87B589113393}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2119640-308E-47B7-9AC6-CEAC12983883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1E0E7BE-D5A2-4B96-BAD5-231F185D793F}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D18CA71-0B92-40C1-B083-2306307B6FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{14907769-BFCE-445D-967C-8A2B832F9A90}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F222838-5869-4E59-AD7F-40503E38ED87}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4BB850A7-84A7-4F24-9E90-777B8059A3EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55FC5082-E2A5-44AD-9676-27CB2C1619DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7110D3DA-BB03-4039-9428-F81A95EFE1A9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{76E5E481-5922-44FC-8CD4-6E361E895F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7B4ED587-E368-402E-9621-E0DD893728FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8042699D-827E-4C69-9FCB-A2C707A20A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8889ABFE-00A0-4AFA-A2BA-ACFF03AA9C5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FB9AE5A-7443-40F5-9133-19E261EDE9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9AC75B06-EC8A-450D-AE29-9E8F05392D66}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B471AC20-F714-4B85-A3A5-06B5BC2B028A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D139AAF5-F676-4F85-B1DE-DC76ED007198}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D92BC90E-4313-436D-A9E3-10771FE6C7DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC17535D-8B8B-4ED1-97FD-C18C9D1A4BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FE3CBC87-AA06-46A7-A762-19E172055E60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{47C22F64-26AB-4280-A1D1-CA597328EBE1}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{7D96141D-A3DA-4D3B-935A-C32D02273990}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{83A07A57-B94E-468F-89B8-63A47B12F531}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8D5A7BFC-2DB7-4737-8735-DD34C92050B7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A7AAC017-8128-4D9A-802A-FFCCB55B9CE9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{E51D7AB1-CB76-400F-ADA7-A2796B9AE7DA}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe |
"UDP Query User{10484CF5-3E2E-4523-8B8C-7B3BF7C546CC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5BF0B8E0-8357-45B3-AB01-8C655D9FCACF}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{6B4B36FC-69C9-4C52-AB8D-0AF2A3C84E1F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{93E4D9BE-B92E-453C-9E3E-274ED8E02833}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9EF46AD1-D1D2-4FC6-9C9E-A514B65BC97F}C:\users\zowada\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zowada\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BA57226E-3EBA-4B39-8A48-BE79476F3F94}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A44D35BC-F2DF-00E9-79BF-34967DF0E4E8}" = AMD Drag and Drop Transcoding
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DC++" = DC++ 0.802
"ElfBot NG_is1" = ElfBot NG 4.5.9
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2012-12-20 05:33:35 | Computer Name = Zowada-Komputer | Source = Application Hang | ID = 1002
Description = Program Tibia.exe w wersji 9.8.0.0 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: ddc    Godzina rozpoczęcia: 01cdde95017dcae9    Godzina zakończenia:
 35    Ścieżka aplikacji: C:\Program Files (x86)\Tibia\Tibia.exe    Identyfikator raportu:
 51b3c342-4a88-11e2-b7df-0018f3f4e68a  
 
Error - 2013-01-08 02:41:01 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0,
 sygnatura czasowa: 0x5065fdea  Nazwa modułu powodującego błąd: ntdll.dll, wersja:
 6.1.7600.16385, sygnatura czasowa: 0x4a5be02b  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x000000000004d174  Identyfikator procesu powodującego błąd: 0x634  Godzina
uruchomienia aplikacji powodującej błąd: 0x01cdeb984940dc5a  Ścieżka aplikacji powodującej
 błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe  Ścieżka modułu
 powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll  Identyfikator raportu: 5da9f6b2-595e-11e2-9c98-0018f3f4e68a
 
Error - 2013-01-11 05:52:35 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x50c998d7  Nazwa modułu powodującego błąd: MFC42.DLL, wersja:
6.6.8063.0, sygnatura czasowa: 0x4a5bda30  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x00013613  Identyfikator procesu powodującego błąd: 0x334  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cdefdf0a8b8bff  Ścieżka aplikacji powodującej błąd: C:\Program
 Files (x86)\Tibia Auto\tibiaauto.exe  Ścieżka modułu powodującego błąd: C:\Windows\system32\MFC42.DLL
Identyfikator
 raportu: 9fe55e84-5bd4-11e2-af85-0018f3f4e68a
 
Error - 2013-01-11 05:52:44 | Computer Name = Zowada-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: tibiaauto.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x50c998d7  Nazwa modułu powodującego błąd: MFC42.DLL, wersja:
6.6.8063.0, sygnatura czasowa: 0x4a5bda30  Kod wyjątku: 0xc0000005  Przesunięcie błędu:
 0x00013613  Identyfikator procesu powodującego błąd: 0x334  Godzina uruchomienia aplikacji
 powodującej błąd: 0x01cdefdf0a8b8bff  Ścieżka aplikacji powodującej błąd: C:\Program
 Files (x86)\Tibia Auto\tibiaauto.exe  Ścieżka modułu powodującego błąd: C:\Windows\system32\MFC42.DLL
Identyfikator
 raportu: a4c50b1e-5bd4-11e2-af85-0018f3f4e68a
 
Error - 2013-01-12 05:19:07 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 2013-01-12 05:19:24 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 2013-01-12 05:19:33 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 2013-01-12 05:19:34 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 2013-01-12 05:19:42 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 2013-01-12 05:20:18 | Computer Name = Zowada-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Zowada\Desktop\SoftonicDownloader_dla_live-for-speed.exe”.
 Błąd w pliku manifestu lub w pliku zasad „” w wierszu .  Wersja składnika wymagana
 przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki
 powodujące konflikt:  Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Składnik
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 2013-01-09 16:30:08 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Steam Client Service z powodu następującego
 błędu:   %%1053
 
Error - 2013-01-10 15:53:55 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-01-11 08:50:03 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-01-11 11:03:19 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-01-11 21:50:15 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = DCOM | ID = 10005
Description =
 
Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa upnphost nie może zalogować się jako NT AUTHORITY\LocalService
 za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%1352    Aby
 upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
 programie Microsoft Management Console (MMC).
 
Error - 2013-01-12 07:10:10 | Computer Name = Zowada-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Host urządzenia UPnP z powodu następującego
 błędu:   %%1069
 
Error - 2013-01-12 07:10:43 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
Error - 2013-01-13 05:22:27 | Computer Name = Zowada-Komputer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Niektóre funkcje zarządzania energią procesora w czasie wydajności
 zostały wyłączone z powodu znanego problemu z oprogramowaniem układowym. Skontaktuj
 się z producentem komputera w celu uzyskania aktualizacji oprogramowania układowego.
 
 
< End of report >

[/log]

 

 

RSIT

 

[log] Logfile of random's system information tool 1.09 (written by random/random)
Run by Zowada at 2013-01-13 10:34:10
Microsoft Windows 7 Ultimate  
System drive C: has 122 GB (80%) free of 153 GB
Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:12, on 2013-01-13
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Zowada\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Zowada.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4957 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Zowada\AppData\Roaming\Mozilla\Firefox\Profiles\lfmf86hz.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-13 10:26:59 ----D---- C:\rsit
2013-01-13 10:17:35 ----A---- C:\AdwCleaner[S1].txt
2013-01-13 10:12:53 ----D---- C:\_OTL
2013-01-11 12:53:09 ----D---- C:\Program Files (x86)\Trend Micro
2013-01-10 23:12:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-10 14:39:30 ----D---- C:\ProgramData\TEMP
2013-01-10 14:35:13 ----D---- C:\Program Files (x86)\ElfBot NG 8.6
2013-01-10 10:06:43 ----D---- C:\Program Files (x86)\Tibia Auto
2013-01-09 20:27:25 ----D---- C:\Program Files (x86)\Common Files\Steam
2013-01-09 20:27:21 ----D---- C:\Program Files (x86)\Steam
2013-01-04 12:23:30 ----D---- C:\Users\Zowada\AppData\Roaming\DC++
2012-12-20 10:29:05 ----A---- C:\ProgramData\Tibia.bak
2012-12-20 10:13:49 ----A---- C:\ProgramData\Tibia_spr.bak
2012-12-20 10:13:46 ----A---- C:\ProgramData\Tibia_dat.bak

======List of files/folders modified in the last 1 month======

2013-01-13 10:34:11 ----D---- C:\Windows\Temp
2013-01-13 10:31:07 ----D---- C:\Windows\System32
2013-01-13 10:31:07 ----D---- C:\Windows\inf
2013-01-13 10:28:42 ----D---- C:\Windows\Prefetch
2013-01-13 10:22:44 ----D---- C:\Windows
2013-01-11 15:29:26 ----RD---- C:\Program Files (x86)
2013-01-11 13:50:05 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-11 12:53:11 ----SHD---- C:\Windows\Installer
2013-01-11 12:53:09 ----SD---- C:\Users\Zowada\AppData\Roaming\Microsoft
2013-01-11 12:52:44 ----SHD---- C:\System Volume Information
2013-01-10 14:47:35 ----D---- C:\Users\Zowada\AppData\Roaming\Tibia
2013-01-10 14:39:30 ----HD---- C:\ProgramData
2013-01-10 11:08:05 ----D---- C:\ProgramData\PMB Files
2013-01-10 10:07:33 ----D---- C:\Program Files (x86)\Tibia
2013-01-09 20:27:25 ----D---- C:\Program Files (x86)\Common Files
2013-01-04 12:18:54 ----D---- C:\Program Files (x86)\DC++
2012-12-21 11:49:20 ----D---- C:\Windows\ModemLogs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm62x64.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys []
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys []
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys []
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-10 115760]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-09 541760]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[/log]

 

 

 

 

Natsuki Kuga
komentarz
komentarz

1. Do OTL wklej:
[spoiler]
:OTL
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
[/spoiler]
Wykonaj skrypt.

2. Uruchom OTL ponownie i kliknij Sprzątanie, w AdwCleaner kliknij Uninstall.

3. Zresetuj foldery Przywracania systemu: Klik

4. Użyj TFC.

To wszystko.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.