daro99 utworzono 11 stycznia 2013 utworzono 11 stycznia 2013 (edytowane) Siemka mam laptopa fujitsu lifebook Strasznie wolni mi sie wczytuje i juz powoli mnie to zaczyna wkur**ac :/ Oto ss msconfig->uruchamianie http://imageshack.us/photo/my-images/845/11111naf.jpg/ Nie wiem co wiecej moge zrobic :/ Laptop zanim moge cokolwiek zrobic wczytuje mi 10-15 minu !! :/ Slyszalem tez o zablokowaniu uslug win 7, poblokowalem pare ale boje sie cos wiecej blokowac zeby nie spieprzyc czegos :/ Jesli mam cos jeszcze pokazac to piszcie Help Me !! :) Slyszalem tez, ze mozna usunac jakis plik systemowy ktory po usunieciu bedzie wczytywac o iles tam sekund szybciej Jesli nie ten dzial to prosze o przeniesienie
Natsuki Kuga komentarz 11 stycznia 2013 komentarz 11 stycznia 2013 Zaczniemy od sprawdzenia pod kątem wirusów: Zapoznaj się z przyklejonymi w Bezpieczeństwie i pokaż zestaw odpowiednich logów.
daro99 komentarz 12 stycznia 2013 Autor komentarz 12 stycznia 2013 (edytowane) OTL [log]OTL logfile created on: 1/12/2013 1:55:52 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.91 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 45.68% Memory free 7.83 Gb Paging File | 5.53 Gb Available in Paging File | 70.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 36.43 Gb Free Space | 36.43% Space Free | Partition Type: NTFS Drive D: | 177.46 Gb Total Space | 59.85 Gb Free Space | 33.72% Space Free | Partition Type: NTFS Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (All) ========== PRC - [2013/01/12 01:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe PRC - [2013/01/10 23:04:29 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013/01/10 23:04:25 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2012/12/12 19:43:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012/11/27 16:18:35 | 011,489,280 | ---- | M] () -- C:\Users\Dom\Downloads\Special-Sro+Game+ver+196\Special-Sro Game\sro_client.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/01/04 13:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010/11/03 19:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe ========== Modules (All) ========== MOD - [2013/01/12 01:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe MOD - [2013/01/10 23:04:29 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013/01/10 23:04:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013/01/10 23:04:28 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013/01/10 23:04:28 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013/01/10 23:04:27 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/01/10 23:04:27 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013/01/10 23:04:27 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013/01/10 23:04:27 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013/01/10 23:04:26 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013/01/10 23:04:26 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013/01/10 23:04:26 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013/01/10 23:04:26 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013/01/10 23:04:26 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013/01/10 23:04:26 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013/01/10 23:04:26 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013/01/10 23:04:25 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013/01/10 23:04:25 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - [2013/01/10 23:04:25 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013/01/10 23:04:25 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MOD - [2013/01/10 23:04:24 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013/01/10 23:04:24 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2013/01/03 11:42:08 | 000,042,840 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\13011101\uiext.dll MOD - [2012/12/12 19:43:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe MOD - [2012/12/12 19:43:28 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012/11/29 09:25:45 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012/11/29 09:25:45 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012/11/27 16:18:35 | 011,489,280 | ---- | M] () -- C:\Users\Dom\Downloads\Special-Sro+Game+ver+196\Special-Sro Game\sro_client.exe MOD - [2012/11/22 22:02:33 | 000,458,752 | ---- | M] (Joymax) -- C:\Users\Dom\Downloads\Special-Sro+Game+ver+196\Special-Sro Game\GFXFileManager.dll MOD - [2012/11/22 18:57:06 | 000,070,248 | ---- | M] (Initex) -- C:\Windows\SysWOW64\PrxerDrv.dll MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll MOD - [2012/06/29 01:27:10 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012/06/29 01:09:32 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012/06/29 01:09:01 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012/06/29 01:06:35 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2012/06/29 01:01:33 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012/06/04 11:28:38 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll MOD - [2012/06/04 11:28:25 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2012/06/04 11:28:25 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2012/06/02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2012/06/02 05:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2012/06/02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2012/05/05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2012/04/24 05:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2012/03/03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2012/03/01 06:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012/02/23 17:23:34 | 000,227,608 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\uiLangRes.dll MOD - [2012/02/23 17:23:34 | 000,095,232 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\Base.dll MOD - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe MOD - [2012/02/23 17:23:21 | 004,673,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommonRes.dll MOD - [2012/02/23 17:23:20 | 000,210,080 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2012/02/23 17:23:17 | 000,399,088 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswSqLt.dll MOD - [2012/02/23 17:23:17 | 000,027,264 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswUtil.dll MOD - [2012/02/23 17:23:16 | 000,216,760 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswLog.dll MOD - [2012/02/23 17:23:16 | 000,213,176 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2012/02/23 17:23:16 | 000,120,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswJsFlt.dll MOD - [2012/02/23 17:23:15 | 002,111,448 | ---- | M] (AVAST! Software) -- C:\Program Files\AVAST Software\Avast\aswAra.dll MOD - [2012/02/23 17:23:15 | 000,682,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll MOD - [2012/02/23 17:23:14 | 000,337,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll MOD - [2012/02/23 17:23:14 | 000,184,872 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswData.dll MOD - [2012/02/23 17:23:14 | 000,164,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll MOD - [2012/02/23 17:23:14 | 000,098,864 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll MOD - [2012/02/23 17:23:14 | 000,050,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll MOD - [2012/02/23 17:23:13 | 000,405,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll MOD - [2012/02/23 17:23:13 | 000,153,936 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll MOD - [2012/02/23 17:23:13 | 000,062,272 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTaskEx.dll MOD - [2012/02/23 17:23:10 | 000,345,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll MOD - [2012/02/23 17:23:10 | 000,097,816 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll MOD - [2012/01/04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2011/12/16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2011/11/17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2011/08/27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2011/08/27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2011/07/16 05:24:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2011/05/24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2011/05/24 11:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2011/05/24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2011/04/15 03:01:50 | 006,278,656 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumd32.dll MOD - [2011/04/15 02:58:12 | 000,577,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumdx32.dll MOD - [2011/04/15 02:48:12 | 012,297,216 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igd10umd32.dll MOD - [2011/04/12 02:40:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2011/04/12 02:40:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2011/03/03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2011/02/19 23:03:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp100.dll MOD - [2011/02/19 00:40:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100.dll MOD - [2010/11/21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010/11/21 04:24:51 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bthprops.cpl MOD - [2010/11/21 04:24:50 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll MOD - [2010/11/21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010/11/21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010/11/21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2010/11/21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010/11/21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010/11/21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll MOD - [2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010/11/21 04:24:23 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2010/11/21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010/11/21 04:24:16 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2010/11/21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010/11/21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2010/11/21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010/11/21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010/11/21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010/11/21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2010/11/21 04:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010/11/21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010/11/21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010/11/21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010/11/21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2010/11/21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010/11/21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010/11/21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2010/11/21 04:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll MOD - [2010/11/21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010/11/21 04:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010/11/21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010/11/21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010/11/21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010/11/21 04:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2010/11/21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010/11/21 04:24:01 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2010/11/21 04:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2010/11/21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010/11/21 04:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2010/11/21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010/11/21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010/11/21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010/11/21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2010/11/21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010/11/21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010/11/21 04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010/11/21 04:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2010/11/21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010/11/21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010/11/21 04:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2010/11/21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2010/11/03 19:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe MOD - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe MOD - [2010/09/30 02:05:32 | 000,038,512 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\BrightMgr.dll MOD - [2010/09/30 02:05:32 | 000,036,464 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\VFuj02b1.dll MOD - [2010/09/30 02:05:32 | 000,020,080 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\fuj02b1.dll MOD - [2010/09/21 22:03:14 | 000,145,280 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009/07/14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009/07/14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - [2009/07/14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/07/14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll MOD - [2009/07/14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009/07/14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009/07/14 02:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll MOD - [2009/07/14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009/07/14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009/07/14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009/07/14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009/07/14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009/07/14 02:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2009/07/14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009/07/14 02:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009/07/14 02:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddraw.dll MOD - [2009/07/14 02:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dciman32.dll MOD - [2009/07/14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009/07/14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009/07/14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009/07/14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 02:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWOW64\l3codeca.acm MOD - [2009/07/14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2008/10/15 05:22:52 | 000,452,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx10_40.dll ========== Services (SafeList) ========== SRV - [2013/01/10 23:04:27 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/12 19:43:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/11/14 14:04:49 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/18 08:44:21 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock) SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/05/15 20:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/04/13 09:17:10 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV - [2012/03/29 14:55:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/ IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{44E64640-79DC-4EDB-A142-148282A6B88D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.just-browse.info/?l=1&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 23570767 IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110824&tt=4712_5&babsrc=HP_ss&mntrId=ae31ac310000000000004c809354accd IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_5&babsrc=SP_ss&mntrId=ae31ac310000000000004c809354accd IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.just-browse.info/?l=1&q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 147.102.16.69:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "http://websearch.just-browse.info/?l=1&q=" FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..browser.search.order.1,S: S", "WebSearch" FF - prefs.js..browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..browser.startup.homepage: "https://www.google.pl/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://websearch.just-browse.info/?l=1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "WebSearch" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.startup.homepage: "http://websearch.just-browse.info/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://websearch.just-browse.info/?l=1&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 10:15:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2012/12/31 14:22:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/05 02:36:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 23:04:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 23:04:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 23:04:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 23:04:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Dom\AppData\Roaming\IDM\idmmzcc3 [2013/01/02 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Extensions [2013/01/05 00:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions [2013/01/05 00:32:48 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions\50e76b2c4f976@50e76b2c4f9af.com [2013/01/05 00:32:34 | 000,000,556 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\searchplugins\WebSearch.xml [2013/01/10 23:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/01/10 23:04:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/29 11:00:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012/11/24 20:12:52 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/11/29 11:00:09 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012/11/29 11:00:09 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012/11/29 11:00:09 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012/11/29 11:00:09 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/11/29 11:00:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml ========== Chrome ========== CHR - homepage: http://websearch.just-browse.info/ CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = http://websearch.just-browse.info/?l=1&q={searchTerms} CHR - default_search_provider: suggest_url = http://websearch.just-browse.info/?l=1&q={searchTerms} CHR - homepage: http://websearch.just-browse.info/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - Extension: Proxy Switchy! = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\ CHR - Extension: Truck Simulator Games = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\ CHR - Extension: Truck Simulator Games = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\.bak CHR - Extension: Browse2save = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbfhopckfgpnpegccojniaelnihenpm\1\ CHR - Extension: Don't Starve = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\ CHR - Extension: avast! WebRep = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Clash of the Dragons = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdphihkopbepogaialenmgoacnpmffo\1.1_0\ CHR - Extension: Adres IP = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcijdkkommbhnpohidhdpkhendgcpamf\0.4_0\ CHR - Extension: Simple Startup Password = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc\1.0_0\ CHR - Extension: Fishing Champion = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcdplgchgghnahkmoeibomjpbikclka\2.0_0\ O1 HOSTS File: ([2010/09/11 16:19:05 | 000,000,732 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Dom\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm () O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm () O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2848B855-D0DD-43E7-BD1E-895ADA4300FF}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5EE4F17-47DE-401E-AD42-715828982B42}: DhcpNameServer = 8.8.8.8 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\flashget3.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\unite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\Shell - "" = AutoRun O33 - MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell - "" = AutoRun O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell\AutoRun\command - "" = F:\AidemMediaSplash.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within (All) ========== [2013/01/11 17:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear [2013/01/11 17:21:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear [2013/01/11 15:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013/01/10 23:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/08 10:06:06 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Podatnik.info [2013/01/08 09:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program PIT 2012-2013 [2013/01/08 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Podatnik.info Sp z o.o [2013/01/05 20:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EGCabal Online [2013/01/05 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner [2013/01/05 14:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner [2013/01/05 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise [2013/01/05 02:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/01/05 02:36:44 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013/01/05 02:36:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/01/05 01:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerenityGamerZ [2013/01/05 01:44:12 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Avg2013 [2013/01/05 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\SendSpace [2013/01/05 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2013/01/05 00:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave [2013/01/05 00:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save [2013/01/05 00:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013/01/02 18:42:57 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Mozilla [2013/01/02 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/01/02 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Raiderz [2013/01/02 10:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaiderZ [2012/12/31 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\ObviousIdea [2012/12/31 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon [2012/12/31 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ObviousIdea [2012/12/30 23:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\MFAData [2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/12/30 21:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012/12/30 18:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Skype [2012/12/30 18:08:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/12/30 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/12/30 17:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2012/12/30 17:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2012/12/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Downloads [2012/12/20 17:05:43 | 000,000,000 | -HSD | C] -- C:\found.002 [2012/12/20 12:47:49 | 000,185,720 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Dom\wgsdgsdgdsgsd.dll [2012/12/19 09:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2012/12/19 09:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2012/12/18 14:05:57 | 000,126,336 | ---- | C] (Copyright (C) GameCap) -- C:\Windows\SysWow64\gamelsp.dll [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashgetSetup [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\BITS [2012/12/18 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashGetBHO [2012/12/18 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network [2012/12/18 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashGet [2012/12/16 14:46:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Proxifier [2012/12/16 14:46:13 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll [2012/12/16 14:46:13 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll [2012/12/16 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier [2012/12/16 14:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier [2012/12/14 11:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME [2012/12/13 18:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify [2012/12/12 00:34:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\YourFileDownloader [2012/12/12 00:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader [2012/12/12 00:30:33 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Microsoft Help [2012/12/12 00:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012/12/11 19:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/12/11 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/12/06 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012/12/06 14:41:55 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Programs [2012/12/06 11:47:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012/11/30 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 [2012/11/30 14:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3 [2012/11/29 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft [2012/11/28 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\bin [2012/11/28 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\.snap [2012/11/28 00:58:33 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Metin2Tools [2012/11/26 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Nowy folder (2) [2012/11/24 20:14:39 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\LogMeIn Hamachi [2012/11/18 10:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AidemMedia [2012/11/18 10:51:32 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Aidem Media [2012/11/14 21:49:22 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\assembly [2012/11/14 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft [2012/11/14 10:14:05 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nokia [2012/11/14 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Nokia [2012/11/14 09:43:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\PC Suite [2012/11/14 09:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012/11/14 09:42:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Nokia [2012/11/14 09:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/11/14 09:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/11/14 09:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2012/11/13 11:35:02 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted PL [2012/11/13 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\NFS Most Wanted [2012/11/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Two Worlds Saves [2012/11/07 17:21:26 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Bioshock [2012/11/07 02:40:35 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\NFS Undercover [2012/11/05 19:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Nowy folder [2012/11/05 15:45:31 | 004,295,288 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2012/11/01 10:11:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment [2012/09/18 10:38:45 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\My Cheat Tables [2012/09/17 08:47:19 | 000,000,000 | ---D | C] -- C:\Windows\4StoryEG [2012/09/12 10:52:05 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\GTA San Andreas User Files [2012/09/06 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\18 WoS Convoy [2012/09/02 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\18 WoS Extreme Trucker 2 [2012/09/02 18:04:02 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\SCANIA Truck Driving Simulator [2012/08/30 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Nowy folder (3) [2012/08/27 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Diablo III [2012/08/25 22:01:10 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Two Worlds files [2012/08/25 17:27:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic [2012/08/25 15:11:02 | 000,000,000 | -HSD | C] -- C:\found.001 [2012/08/23 10:53:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Downloads [2012/08/20 18:52:04 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Navicat [2012/08/11 21:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/08/11 09:47:19 | 000,000,000 | R--D | C] -- C:\Users\Dom\Documents\Notes [2012/08/10 10:36:29 | 000,000,000 | R--D | C] -- C:\Sandbox [2012/08/09 09:13:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/08/08 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\skrillex-music-bangarang-ipad-iphone-hd-free-438685.jpg [2012/08/02 13:04:42 | 000,000,000 | ---D | C] -- C:\Download [2012/08/02 13:04:26 | 000,000,000 | ---D | C] -- C:\Nexon [2012/08/02 13:04:25 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2012/07/18 11:48:00 | 000,000,000 | ---D | C] -- C:\gPotato.eu [2012/07/18 08:44:19 | 000,654,944 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012/07/18 08:43:56 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\C9 [2012/07/13 08:50:38 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\BOLEK I LOLEK LITERKI [2012/07/09 14:06:48 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\My Games [2012/06/28 20:38:54 | 000,000,000 | -HSD | C] -- C:\found.000 [2012/06/07 08:14:21 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012/06/05 07:16:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012/06/04 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Youcam [2012/06/04 10:15:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/06/04 10:12:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012/06/04 09:50:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/04 09:41:06 | 000,000,000 | -HSD | C] -- C:\Users\Dom\Documents\Moje wideo [2012/06/04 09:41:06 | 000,000,000 | -HSD | C] -- C:\Users\Dom\Documents\Moje obrazy [2012/06/04 09:41:06 | 000,000,000 | -HSD | C] -- C:\Users\Dom\Documents\Moja muzyka [2012/05/31 22:56:02 | 000,662,016 | ---- | C] (Sonix) -- C:\Windows\vsnp2uvc.exe [2012/05/31 22:56:02 | 000,306,176 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll [2012/05/31 22:50:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011/05/13 04:12:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011/05/12 08:28:15 | 000,000,000 | ---D | C] -- C:\Windows\sk [2011/05/12 08:28:12 | 000,000,000 | ---D | C] -- C:\Windows\pl [2011/05/12 08:28:09 | 000,000,000 | ---D | C] -- C:\Windows\cs [2011/05/12 08:28:06 | 000,000,000 | ---D | C] -- C:\Windows\es [2011/05/12 08:28:02 | 000,000,000 | ---D | C] -- C:\Windows\fr [2011/05/12 08:28:00 | 000,000,000 | ---D | C] -- C:\Windows\en [2011/05/12 08:26:15 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/05/12 08:05:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2011/05/12 08:01:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011/05/12 07:59:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011/05/12 07:58:56 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2011/05/12 07:45:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011/05/12 07:45:50 | 000,000,000 | ---D | C] -- C:\Intel [2011/05/11 15:20:19 | 000,000,000 | ---D | C] -- C:\Fujitsu [2011/04/12 18:19:19 | 000,000,000 | ---D | C] -- C:\Windows\pt-PT [2011/04/12 18:07:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\pl-PL [2011/04/12 18:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pl [2011/04/12 18:07:06 | 000,000,000 | ---D | C] -- C:\Windows\pl-PL [2011/04/12 17:55:50 | 000,000,000 | ---D | C] -- C:\Windows\fr-FR [2011/04/12 17:44:07 | 000,000,000 | ---D | C] -- C:\Windows\es-ES [2011/04/12 17:33:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2011/04/12 17:21:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011/04/12 01:18:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011/02/10 02:45:48 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll [2011/02/10 02:45:46 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll [2011/02/10 02:45:46 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll [2010/11/21 08:16:47 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew [2010/11/21 08:16:47 | 000,000,000 | ---D | C] -- C:\Windows\ehome [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\en-US [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en [2010/11/21 08:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409 [2010/11/21 04:24:33 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2009/07/14 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\en-US [2009/07/14 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\DigitalLocker [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\twain_32 [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\restore [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Performance [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Offline Web Pages [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\LogFiles [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FxsTmp [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\diagnostics [2009/07/14 06:32:38 | 000,000,000 | ---D | C] -- C:\Windows\addins [2009/07/14 06:08:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos [2009/07/14 06:08:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures [2009/07/14 06:08:56 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music [2009/07/14 06:08:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2009/07/14 05:45:54 | 000,000,000 | ---D | C] -- C:\Windows\debug [2009/07/14 05:45:50 | 000,000,000 | ---D | C] -- C:\Windows\Setup [2009/07/14 05:45:47 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-TW [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-HK [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CN [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\winsxs [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\Web [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\wdi [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\wbem [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\uk-UA [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tr-TR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\tracing [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\th-TH [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\Tasks [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Tasks [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\TAPI [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWOW64 [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sv-SE [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sr-Latn-CS [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sppui [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spp [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Speech [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sl-SI [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sk-SK [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Setup [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ru-RU [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ro-RO [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Recovery [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ras [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pt-PT [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pt-BR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pl-PL [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\oobe [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\nl-NL [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NetworkList [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NDF [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\nb-NO [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MUI [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\migwiz [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\migration [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\manifeststore [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\lv-LV [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\lt-LT [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ko-KR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja-JP [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it-IT [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\InstallShield [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\inetsrv [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\IME [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\icsxml [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\hu-HU [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\hr-HR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he-IL [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GroupPolicyUsers [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GroupPolicy [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fr-FR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fi-FI [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\et-EE [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es-ES [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en-US [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\el-GR [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\DriverStore [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Dism [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de-DE [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\da-DK [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cs-CZ [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\config [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\com [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\catroot2 [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\catroot [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bg-BG [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ar-SA [2009/07/14 04:20:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AdvancedInstallers [2009/07/14 04:20:10 | 000,000,000 | R-SD | C] -- C:\Windows\Media [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\System32 [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\system [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Speech [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\servicing [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\security [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\schemas [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\SchCache [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Resources [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Registration [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\PolicyDefinitions [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\PLA [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\ModemLogs [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft.NET [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Logs [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\LiveKernelReports [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\L2Schemas [2009/07/14 04:20:10 | 000,000,000 | ---D | C] -- C:\Windows\inf [2009/07/14 04:20:09 | 000,000,000 | R-SD | C] -- C:\Windows\Fonts [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\IME [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Help [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Globalization [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Cursors [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Branding [2009/07/14 04:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Boot [2009/07/14 04:20:08 | 000,000,000 | R-SD | C] -- C:\Windows\assembly [2009/07/14 04:20:08 | 000,000,000 | R--D | C] -- C:\Users [2009/07/14 04:20:08 | 000,000,000 | R--D | C] -- C:\Program Files [2009/07/14 04:20:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86) [2009/07/14 04:20:08 | 000,000,000 | -H-D | C] -- C:\ProgramData [2009/07/14 04:20:08 | 000,000,000 | ---D | C] -- C:\Windows [2009/07/14 04:20:08 | 000,000,000 | ---D | C] -- C:\PerfLogs [2009/07/14 04:20:08 | 000,000,000 | ---D | C] -- C:\Windows\AppPatch [2009/07/14 04:20:08 | 000,000,000 | ---D | C] -- C:\Windows\AppCompat ========== Files - Modified Within (All) ========== [2013/01/12 01:58:43 | 005,767,168 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT [2013/01/11 21:01:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2013/01/11 21:01:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/11 20:56:46 | 001,372,067 | -H-- | M] () -- C:\Users\Dom\AppData\Local\IconCache.db [2013/01/11 17:21:03 | 000,001,008 | ---- | M] () -- C:\Users\Dom\Desktop\TunnelBear.lnk [2013/01/11 15:15:50 | 000,222,409 | ---- | M] () -- C:\Users\Dom\Desktop\11111.jpg [2013/01/08 09:58:33 | 000,002,651 | ---- | M] () -- C:\Users\Public\Desktop\Program PIT 2012-2013.lnk [2013/01/06 17:55:10 | 000,377,600 | ---- | M] () -- C:\Users\Dom\Desktop\haha.jpg [2013/01/05 14:54:52 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk [2013/01/05 14:39:35 | 000,262,676 | ---- | M] () -- C:\Users\Dom\Desktop\pppppp.jpg [2013/01/05 02:37:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/01/05 02:30:37 | 000,001,695 | ---- | M] () -- C:\Users\Dom\Desktop\SG Cabal Online — skrót.lnk [2013/01/05 02:30:31 | 000,057,944 | ---- | M] () -- C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT [2013/01/02 18:42:50 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/02 10:25:33 | 000,000,937 | ---- | M] () -- C:\Users\Dom\Desktop\RaiderZ.lnk [2012/12/31 14:37:17 | 000,135,686 | ---- | M] () -- C:\Users\Dom\Desktop\Raiderz_Artwork3.jpg [2012/12/28 23:18:01 | 000,241,881 | ---- | M] () -- C:\Users\Dom\Desktop\p;p;p.jpg [2012/12/20 17:07:08 | 000,006,896 | ---- | M] () -- C:\bootsqm.dat [2012/12/20 12:57:01 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/20 12:51:30 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/20 12:47:49 | 000,185,720 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Dom\wgsdgsdgdsgsd.dll [2012/12/20 12:43:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/20 12:21:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000UA.job [2012/12/20 12:10:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/19 18:21:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000Core.job [2012/12/18 14:14:07 | 000,000,380 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat [2012/12/18 14:05:57 | 000,126,336 | ---- | M] (Copyright (C) GameCap) -- C:\Windows\SysWow64\gamelsp.dll [2012/12/18 14:03:37 | 000,001,184 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat [2012/12/18 13:49:54 | 000,000,025 | ---- | M] () -- C:\Windows\emcore.INI [2012/12/16 14:46:13 | 000,001,025 | ---- | M] () -- C:\Users\Dom\Desktop\Proxifier.lnk [2012/11/30 14:23:36 | 000,000,061 | ---- | M] () -- C:\Users\Dom\SciTEUser.properties [2012/11/28 13:10:26 | 000,243,018 | ---- | M] () -- C:\Users\Dom\Desktop\ttt.jpg [2012/11/22 18:57:06 | 000,091,240 | ---- | M] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll [2012/11/22 18:57:06 | 000,070,248 | ---- | M] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWow64\PrxerNsp.dll [2012/11/20 16:13:30 | 048,179,170 | ---- | M] () -- C:\Users\Dom\game [2012/11/13 10:42:20 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/07 02:40:21 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/10/26 18:15:23 | 001,640,270 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/10/15 15:15:17 | 000,000,320 | ---- | M] () -- C:\Users\Dom\SciTE.session [2012/09/19 10:02:14 | 001,589,248 | ---- | M] () -- C:\Windows\SysWow64\libmysql_d.dll [2012/08/29 05:17:49 | 001,048,576 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.2.regtrans-ms [2012/08/29 05:17:49 | 001,048,576 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.1.regtrans-ms [2012/08/29 05:17:49 | 001,048,576 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.0.regtrans-ms [2012/08/29 05:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.blf [2012/08/21 20:57:23 | 000,000,600 | ---- | M] () -- C:\Users\Dom\AppData\Local\PUTTY.RND [2012/08/16 19:13:44 | 000,015,772 | RHS- | M] () -- C:\Users\Dom\tiuopu.exe [2012/08/13 10:04:34 | 000,000,608 | ---- | M] () -- C:\user.js [2012/08/10 12:46:14 | 000,001,638 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012/08/09 12:42:20 | 000,000,219 | ---- | M] () -- C:\Windows\system.ini [2012/08/08 15:50:45 | 000,041,309 | ---- | M] () -- C:\Users\Dom\Desktop\skrillex.jpg [2012/08/08 15:32:26 | 000,176,017 | ---- | M] () -- C:\Users\Dom\Desktop\Skrillex-Bangarang-EP.jpg [2012/08/02 13:45:55 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2012/08/02 13:45:55 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2012/07/18 08:44:21 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012/07/12 17:53:19 | 000,524,288 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TMContainer00000000000000000002.regtrans-ms [2012/07/12 17:53:19 | 000,524,288 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TMContainer00000000000000000001.regtrans-ms [2012/07/12 17:53:19 | 000,065,536 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TM.blf [2012/06/06 19:55:24 | 000,001,104 | ---- | M] () -- C:\Users\Dom\Desktop\TuneUp Konserwacja 1 kliknięciem.lnk [2012/06/04 17:53:42 | 000,003,392 | ---- | M] () -- C:\WirelessDiagLog.csv [2012/06/04 17:36:48 | 000,151,249 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012/06/04 10:15:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/06/04 09:55:00 | 000,524,288 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TMContainer00000000000000000002.regtrans-ms [2012/06/04 09:55:00 | 000,524,288 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TMContainer00000000000000000001.regtrans-ms [2012/06/04 09:55:00 | 000,065,536 | -HS- | M] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TM.blf [2012/06/04 09:50:38 | 000,001,123 | ---- | M] () -- C:\Users\Dom\Desktop\CyberLink YouCam.lnk [2012/06/04 09:48:44 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.27_Intel(R) HD Graphics Family.MRK [2012/06/04 09:42:52 | 000,001,280 | ---- | M] () -- C:\Windows\SysWow64\TRACE.trace [2012/05/15 20:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2012/02/23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012/02/23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/02/17 16:14:06 | 000,000,038 | ---- | M] () -- C:\Users\Dom\abbrev.properties [2012/02/17 15:02:02 | 000,000,000 | ---- | M] () -- C:\Users\Dom\au3.keywords.user.abbreviations.properties [2012/02/14 21:52:12 | 000,000,027 | ---- | M] () -- C:\Users\Dom\au3UserAbbrev.properties [2011/05/12 08:31:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/04/15 03:05:50 | 000,218,304 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/04/15 03:05:50 | 000,145,804 | ---- | M] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/04/15 03:05:48 | 000,963,116 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin [2011/04/15 02:59:48 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll [2011/04/15 02:33:40 | 013,359,616 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll [2010/12/23 19:09:18 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2010/11/21 04:24:33 | 000,105,559 | ---- | M] () -- C:\Windows\SysWow64\RacRules.xml [2010/11/21 04:24:33 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2010/11/21 04:23:59 | 000,001,041 | ---- | M] () -- C:\Windows\SysWow64\tcpbidi.xml [2010/11/21 04:23:48 | 000,419,880 | ---- | M] () -- C:\Windows\SysWow64\locale.nls [2010/11/21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Dom\ntuser.ini [2010/09/30 09:35:38 | 000,306,176 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\SysWow64\vsnp2uvc.dll [2010/07/22 08:48:26 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2010/03/27 16:22:54 | 000,014,905 | ---- | M] () -- C:\Users\Dom\au3abbrev.properties [2010/01/02 22:16:12 | 000,000,111 | ---- | M] () -- C:\Users\Dom\au3.UserUdfs.properties [2010/01/02 22:15:50 | 000,000,000 | ---- | M] () -- C:\Users\Dom\au3.user.calltips.api [2009/11/19 13:42:50 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll [2009/11/19 13:42:44 | 000,206,120 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll [2009/11/19 13:42:42 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll [2009/08/13 14:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\SysWow64\ac3filter.acm [2009/07/22 11:08:00 | 000,013,021 | ---- | M] () -- C:\Windows\snp2uvc.src [2009/07/14 06:09:22 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini [2009/07/14 05:55:01 | 000,000,535 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf [2009/07/14 05:54:24 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/14 02:15:00 | 000,064,000 | ---- | M] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/14 00:06:54 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin [2009/07/14 00:06:14 | 000,004,453 | ---- | M] () -- C:\Windows\SysWow64\odbcconf.rsp [2009/07/13 21:29:26 | 000,000,714 | ---- | M] () -- C:\Windows\SysWow64\RestartManager.mof [2009/07/13 21:29:26 | 000,000,176 | ---- | M] () -- C:\Windows\SysWow64\RestartManagerUninstall.mof [2009/06/10 22:48:27 | 000,009,958 | ---- | M] () -- C:\Windows\SysWow64\l_intl.nls [2009/06/10 22:48:18 | 000,180,770 | ---- | M] () -- C:\Windows\SysWow64\C_20932.NLS [2009/06/10 22:48:18 | 000,177,698 | ---- | M] () -- C:\Windows\SysWow64\C_20949.NLS [2009/06/10 22:48:18 | 000,173,602 | ---- | M] () -- C:\Windows\SysWow64\C_20936.NLS [2009/06/10 22:48:17 | 000,195,618 | ---- | M] () -- C:\Windows\SysWow64\C_10002.NLS [2009/06/10 22:48:17 | 000,177,698 | ---- | M] () -- C:\Windows\SysWow64\C_10003.NLS [2009/06/10 22:48:17 | 000,173,602 | ---- | M] () -- C:\Windows\SysWow64\C_10008.NLS [2009/06/10 22:48:17 | 000,162,850 | ---- | M] () -- C:\Windows\SysWow64\C_10001.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_869.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_866.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_865.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_864.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_863.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_862.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_861.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_860.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_858.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_857.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_855.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_852.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_850.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_775.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_737.NLS [2009/06/10 22:48:17 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_437.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10082.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10081.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10079.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10029.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10021.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10017.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10010.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10007.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10006.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10005.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10004.NLS [2009/06/10 22:48:17 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_10000.NLS [2009/06/10 22:48:16 | 000,189,986 | ---- | M] () -- C:\Windows\SysWow64\C_1361.NLS [2009/06/10 22:48:16 | 000,187,938 | ---- | M] () -- C:\Windows\SysWow64\C_20005.NLS [2009/06/10 22:48:16 | 000,186,402 | ---- | M] () -- C:\Windows\SysWow64\C_20001.NLS [2009/06/10 22:48:16 | 000,185,378 | ---- | M] () -- C:\Windows\SysWow64\C_20003.NLS [2009/06/10 22:48:16 | 000,180,258 | ---- | M] () -- C:\Windows\SysWow64\C_20004.NLS [2009/06/10 22:48:16 | 000,180,258 | ---- | M] () -- C:\Windows\SysWow64\C_20000.NLS [2009/06/10 22:48:16 | 000,173,602 | ---- | M] () -- C:\Windows\SysWow64\C_20002.NLS [2009/06/10 22:48:16 | 000,139,810 | ---- | M] () -- C:\Windows\SysWow64\C_20261.NLS [2009/06/10 22:48:16 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_720.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_708.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28605.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\c_28603.nls [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28599.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28598.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28597.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28596.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28595.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28594.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28593.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28592.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_28591.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_21866.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_21027.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20866.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20269.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20127.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20108.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20107.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20106.NLS [2009/06/10 22:48:16 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20105.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_875.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_870.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_500.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_21025.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20924.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20905.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20880.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20871.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20838.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20833.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20424.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20423.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20420.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20297.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20290.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20285.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20284.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20280.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20278.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20277.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_20273.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1149.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1148.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1147.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1146.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1145.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1144.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1143.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1142.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1141.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1140.NLS [2009/06/10 22:48:15 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1047.NLS [2009/06/10 22:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\SysWow64\C_950.NLS [2009/06/10 22:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\SysWow64\C_949.NLS [2009/06/10 22:48:14 | 000,196,642 | ---- | M] () -- C:\Windows\SysWow64\C_936.NLS [2009/06/10 22:48:14 | 000,162,850 | ---- | M] () -- C:\Windows\SysWow64\C_932.NLS [2009/06/10 22:48:14 | 000,066,594 | ---- | M] () -- C:\Windows\SysWow64\C_874.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1258.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1257.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1256.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1255.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1254.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1253.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1252.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1251.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1250.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_1026.NLS [2009/06/10 22:48:14 | 000,066,082 | ---- | M] () -- C:\Windows\SysWow64\C_037.NLS [2009/06/10 22:47:11 | 000,047,679 | ---- | M] () -- C:\Windows\SysWow64\diskmgmt.msc [2009/06/10 22:46:08 | 000,145,640 | ---- | M] () -- C:\Windows\SysWow64\devmgmt.msc [2009/06/10 22:44:34 | 003,170,304 | ---- | M] () -- C:\Windows\SysWow64\boot.sdi [2009/06/10 22:43:20 | 000,144,862 | ---- | M] () -- C:\Windows\SysWow64\tpm.msc [2009/06/10 22:42:07 | 000,004,041 | ---- | M] () -- C:\Windows\SysWow64\xwizard.dtd [2009/06/10 22:41:29 | 000,211,938 | ---- | M] () -- C:\Windows\SysWow64\lcphrase.tbl [2009/06/10 22:41:29 | 000,024,114 | ---- | M] () -- C:\Windows\SysWow64\lcptr.tbl [2009/06/10 22:40:47 | 000,201,034 | ---- | M] () -- C:\Windows\SysWow64\winrm.vbs [2009/06/10 22:40:47 | 000,004,675 | ---- | M] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2009/06/10 22:40:47 | 000,002,426 | ---- | M] () -- C:\Windows\SysWow64\WsmTxt.xsl [2009/06/10 22:40:47 | 000,001,559 | ---- | M] () -- C:\Windows\SysWow64\WsmPty.xsl [2009/06/10 22:40:47 | 000,000,035 | ---- | M] () -- C:\Windows\SysWow64\winrm.cmd [2009/06/10 22:39:54 | 000,003,577 | ---- | M] () -- C:\Windows\SysWow64\sysprtj.sep [2009/06/10 22:39:54 | 000,003,214 | ---- | M] () -- C:\Windows\SysWow64\sysprint.sep [2009/06/10 22:39:53 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\pcl.sep [2009/06/10 22:39:53 | 000,000,051 | ---- | M] () -- C:\Windows\SysWow64\pscript.sep [2009/06/10 22:39:18 | 000,001,820 | ---- | M] () -- C:\Windows\SysWow64\rasctrnm.h [2009/06/10 22:38:48 | 000,113,629 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs [2009/06/10 22:38:43 | 000,145,059 | ---- | M] () -- C:\Windows\SysWow64\taskschd.msc [2009/06/10 22:38:33 | 000,145,127 | ---- | M] () -- C:\Windows\SysWow64\eventvwr.msc [2009/06/10 22:38:10 | 000,017,935 | ---- | M] () -- C:\Windows\SysWow64\EventViewer_EventDetails.xsl [2009/06/10 22:36:33 | 000,063,070 | ---- | M] () -- C:\Windows\SysWow64\certmgr.msc [2009/06/10 22:34:45 | 000,215,943 | ---- | M] () -- C:\Windows\SysWow64\dssec.dat [2009/06/10 22:32:47 | 000,000,741 | ---- | M] () -- C:\Windows\SysWow64\NOISE.DAT [2009/06/10 22:32:07 | 000,002,060 | ---- | M] () -- C:\Windows\SysWow64\noise.jpn [2009/06/10 22:31:26 | 000,145,519 | ---- | M] () -- C:\Windows\SysWow64\perfmon.msc [2009/06/10 22:30:15 | 000,093,702 | ---- | M] () -- C:\Windows\SysWow64\SubRange.uce [2009/06/10 22:30:14 | 000,060,458 | ---- | M] () -- C:\Windows\SysWow64\ideograf.uce [2009/06/10 22:30:14 | 000,024,006 | ---- | M] () -- C:\Windows\SysWow64\gb2312.uce [2009/06/10 22:30:14 | 000,022,984 | ---- | M] () -- C:\Windows\SysWow64\bopomofo.uce [2009/06/10 22:30:14 | 000,016,740 | ---- | M] () -- C:\Windows\SysWow64\ShiftJIS.uce [2009/06/10 22:30:14 | 000,012,876 | ---- | M] () -- C:\Windows\SysWow64\korean.uce [2009/06/10 22:30:14 | 000,008,484 | ---- | M] () -- C:\Windows\SysWow64\kanji_2.uce [2009/06/10 22:30:14 | 000,006,948 | ---- | M] () -- C:\Windows\SysWow64\kanji_1.uce [2009/06/10 22:29:34 | 000,000,697 | ---- | M] () -- C:\Windows\SysWow64\NOISE.THA [2009/06/10 22:29:29 | 011,967,524 | ---- | M] () -- C:\Windows\SysWow64\korwbrkr.lex [2009/06/10 22:29:29 | 000,001,486 | ---- | M] () -- C:\Windows\SysWow64\noise.kor [2009/06/10 22:29:28 | 000,001,696 | ---- | M] () -- C:\Windows\SysWow64\NOISE.CHT [2009/06/10 22:29:17 | 000,001,696 | ---- | M] () -- C:\Windows\SysWow64\NOISE.CHS [2009/06/10 22:27:46 | 000,115,091 | ---- | M] () -- C:\Windows\SysWow64\WF.msc [2009/06/10 22:26:15 | 000,144,998 | ---- | M] () -- C:\Windows\SysWow64\lusrmgr.msc [2009/06/10 22:26:10 | 000,673,088 | ---- | M] () -- C:\Windows\SysWow64\mlang.dat [2009/06/10 22:25:52 | 000,063,411 | ---- | M] () -- C:\Windows\SysWow64\NAPCLCFG.MSC [2009/06/10 22:21:09 | 000,092,745 | ---- | M] () -- C:\Windows\SysWow64\services.msc [2009/06/10 22:21:07 | 000,144,909 | ---- | M] () -- C:\Windows\SysWow64\fsmgmt.msc [2009/06/10 22:21:06 | 000,113,256 | ---- | M] () -- C:\Windows\SysWow64\compmgmt.msc [2009/06/10 22:21:06 | 000,041,587 | ---- | M] () -- C:\Windows\SysWow64\azman.msc [2009/06/10 22:18:29 | 000,000,565 | ---- | M] () -- C:\Windows\SysWow64\NdfEventView.xml [2009/06/10 22:17:44 | 000,124,118 | ---- | M] () -- C:\Windows\SysWow64\comexp.msc [2009/06/10 22:16:56 | 000,002,233 | ---- | M] () -- C:\Windows\SysWow64\12520850.cpx [2009/06/10 22:16:56 | 000,002,151 | ---- | M] () -- C:\Windows\SysWow64\12520437.cpx [2009/06/10 22:16:38 | 000,002,727 | ---- | M] () -- C:\Windows\SysWow64\locationnotificationsview.xml [2009/06/10 22:15:19 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2009/06/10 22:15:18 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2009/06/10 22:15:06 | 000,076,060 | ---- | M] () -- C:\Windows\SysWow64\xpsrchvw.xml [2009/06/10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\SysWow64\drivers\gm.dls [2009/06/10 21:52:44 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx [2009/06/10 21:36:48 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini [2009/06/10 21:31:02 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml [2009/06/10 21:30:55 | 000,048,265 | ---- | M] () -- C:\Windows\HomePremium.xml [2009/05/23 09:37:42 | 000,024,576 | ---- | M] () -- C:\Windows\snuvcdsm.exe [2009/04/10 07:11:40 | 000,245,760 | ---- | M] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2006/05/21 01:39:58 | 000,015,497 | ---- | M] () -- C:\Windows\snp2uvc.ini [2006/04/13 11:30:06 | 001,073,152 | ---- | M] () -- C:\Windows\SysWow64\libmysql_c.dll [2005/03/05 03:01:10 | 000,014,134 | ---- | M] () -- C:\sample.bmp [2004/11/14 18:28:30 | 001,056,768 | ---- | M] () -- C:\Windows\SysWow64\libmysql41.dll [2004/11/14 18:28:30 | 000,280,576 | ---- | M] () -- C:\Windows\SysWow64\libmysql320.dll [2004/11/14 18:28:30 | 000,245,760 | ---- | M] () -- C:\Windows\SysWow64\libmysql40.dll [2004/11/14 18:28:30 | 000,217,088 | ---- | M] () -- C:\Windows\SysWow64\libmysql323.dll [1997/06/25 14:24:16 | 000,040,448 | ---- | M] () -- C:\Windows\REGOBJ.DLL ========== Files Created - No Company Name ========== [2013/01/11 17:21:03 | 000,001,008 | ---- | C] () -- C:\Users\Dom\Desktop\TunnelBear.lnk [2013/01/11 15:15:50 | 000,222,409 | ---- | C] () -- C:\Users\Dom\Desktop\11111.jpg [2013/01/08 09:58:33 | 000,002,651 | ---- | C] () -- C:\Users\Public\Desktop\Program PIT 2012-2013.lnk [2013/01/06 17:55:10 | 000,377,600 | ---- | C] () -- C:\Users\Dom\Desktop\haha.jpg [2013/01/05 14:54:52 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk [2013/01/05 14:39:35 | 000,262,676 | ---- | C] () -- C:\Users\Dom\Desktop\pppppp.jpg [2013/01/05 02:30:37 | 000,001,695 | ---- | C] () -- C:\Users\Dom\Desktop\SG Cabal Online — skrót.lnk [2013/01/02 18:42:50 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/02 18:42:49 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/01/02 10:25:34 | 000,000,937 | ---- | C] () -- C:\Users\Dom\Desktop\RaiderZ.lnk [2012/12/31 14:11:37 | 000,135,686 | ---- | C] () -- C:\Users\Dom\Desktop\Raiderz_Artwork3.jpg [2012/12/30 13:51:28 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\libmysql41.dll [2012/12/30 13:51:28 | 000,280,576 | ---- | C] () -- C:\Windows\SysWow64\libmysql320.dll [2012/12/30 13:51:28 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\libmysql40.dll [2012/12/30 13:51:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmysql323.dll [2012/12/28 23:18:01 | 000,241,881 | ---- | C] () -- C:\Users\Dom\Desktop\p;p;p.jpg [2012/12/20 17:07:08 | 000,006,896 | ---- | C] () -- C:\bootsqm.dat [2012/12/20 12:47:51 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/12/18 14:14:07 | 000,000,380 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2012/12/18 13:50:33 | 000,001,184 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2012/12/18 13:49:54 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI [2012/12/16 14:46:13 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll [2012/12/16 14:46:13 | 000,001,025 | ---- | C] () -- C:\Users\Dom\Desktop\Proxifier.lnk [2012/11/30 14:23:36 | 000,000,061 | ---- | C] () -- C:\Users\Dom\SciTEUser.properties [2012/11/29 17:57:56 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll [2012/11/28 13:08:37 | 000,243,018 | ---- | C] () -- C:\Users\Dom\Desktop\ttt.jpg [2012/11/20 16:13:30 | 048,179,170 | ---- | C] () -- C:\Users\Dom\game [2012/11/14 13:52:38 | 000,001,107 | ---- | C] () -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk [2012/11/07 02:40:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/07 02:40:16 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/10/10 09:17:24 | 000,000,320 | ---- | C] () -- C:\Users\Dom\SciTE.session [2012/08/29 05:17:49 | 001,048,576 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.2.regtrans-ms [2012/08/29 05:17:49 | 001,048,576 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.1.regtrans-ms [2012/08/29 05:17:49 | 001,048,576 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.0.regtrans-ms [2012/08/29 05:17:49 | 000,065,536 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477174-cc34-11e1-b3c4-5c9ad85e122e}.TxR.blf [2012/08/21 17:50:54 | 000,000,600 | ---- | C] () -- C:\Users\Dom\AppData\Local\PUTTY.RND [2012/08/20 18:46:36 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2012/08/16 19:13:35 | 000,015,772 | RHS- | C] () -- C:\Users\Dom\tiuopu.exe [2012/08/10 10:35:27 | 000,001,638 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012/08/08 15:49:09 | 000,041,309 | ---- | C] () -- C:\Users\Dom\Desktop\skrillex.jpg [2012/08/08 15:41:23 | 000,000,608 | ---- | C] () -- C:\user.js [2012/08/08 15:32:32 | 000,176,017 | ---- | C] () -- C:\Users\Dom\Desktop\Skrillex-Bangarang-EP.jpg [2012/08/02 13:04:25 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2012/07/17 15:05:51 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000UA.job [2012/07/17 15:05:51 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000Core.job [2012/07/12 16:17:45 | 000,524,288 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TMContainer00000000000000000002.regtrans-ms [2012/07/12 16:17:45 | 000,524,288 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TMContainer00000000000000000001.regtrans-ms [2012/07/12 16:17:45 | 000,065,536 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{aa477175-cc34-11e1-b3c4-5c9ad85e122e}.TM.blf [2012/06/28 18:09:28 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/06 19:55:24 | 000,001,104 | ---- | C] () -- C:\Users\Dom\Desktop\TuneUp Konserwacja 1 kliknięciem.lnk [2012/06/04 17:53:20 | 000,003,392 | ---- | C] () -- C:\WirelessDiagLog.csv [2012/06/04 10:24:35 | 001,372,067 | -H-- | C] () -- C:\Users\Dom\AppData\Local\IconCache.db [2012/06/04 10:20:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012/06/04 09:48:44 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH531_PI_FUJITSU_FJNBB0F_Default System BIOS_FUJ - 1_1.27_Intel(R) HD Graphics Family.MRK [2012/06/04 09:47:46 | 000,001,123 | ---- | C] () -- C:\Users\Dom\Desktop\CyberLink YouCam.lnk [2012/06/04 09:41:55 | 000,001,280 | ---- | C] () -- C:\Windows\SysWow64\TRACE.trace [2012/06/04 09:41:06 | 000,524,288 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TMContainer00000000000000000002.regtrans-ms [2012/06/04 09:41:06 | 000,524,288 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TMContainer00000000000000000001.regtrans-ms [2012/06/04 09:41:06 | 000,065,536 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT{a00e996f-7c64-11e0-97d8-e5d5d5fc43bc}.TM.blf [2012/06/04 09:41:06 | 000,057,944 | ---- | C] () -- C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT [2012/06/04 09:41:03 | 005,767,168 | -HS- | C] () -- C:\Users\Dom\NTUSER.DAT [2012/06/04 09:41:03 | 000,000,020 | -HS- | C] () -- C:\Users\Dom\ntuser.ini [2012/06/04 09:40:33 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/04 09:40:32 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/31 22:56:03 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012/05/31 22:56:02 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2012/05/31 22:56:02 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012/05/31 22:56:02 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src [2012/02/17 16:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Dom\abbrev.properties [2012/02/17 15:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.keywords.user.abbreviations.properties [2012/02/14 21:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Dom\au3UserAbbrev.properties [2011/05/12 08:31:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/05/12 08:11:47 | 001,640,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2010/11/25 05:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2010/11/21 08:17:39 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml [2010/11/21 04:24:33 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2010/11/21 04:23:59 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2010/11/21 04:23:48 | 000,419,880 | ---- | C] () -- C:\Windows\SysWow64\locale.nls [2010/03/27 16:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Dom\au3abbrev.properties [2010/01/02 22:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Dom\au3.UserUdfs.properties [2010/01/02 22:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.user.calltips.api [2009/08/11 21:18:28 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 06:28:38 | 000,048,201 | ---- | C] () -- C:\Windows\Starter.xml [2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\tasks\SA.DAT [2009/07/14 06:01:34 | 000,151,249 | ---- | C] () -- C:\Windows\SysWow64\license.rtf [2009/07/14 05:55:01 | 000,000,535 | ---- | C] () -- C:\Windows\SysWow64\mapisvc.inf [2009/07/14 05:54:24 | 000,000,749 | RH-- | C] () -- C:\Windows\WindowsShell.Manifest [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:35:51 | 000,000,697 | ---- | C] () -- C:\Windows\SysWow64\NOISE.THA [2009/07/14 03:35:50 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2009/07/14 03:35:50 | 000,001,696 | ---- | C] () -- C:\Windows\SysWow64\NOISE.CHT [2009/07/14 03:35:50 | 000,001,486 | ---- | C] () -- C:\Windows\SysWow64\noise.kor [2009/07/14 03:35:49 | 000,001,696 | ---- | C] () -- C:\Windows\SysWow64\NOISE.CHS [2009/07/14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009/07/14 03:34:57 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini [2009/07/14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 03:34:28 | 000,008,798 | ---- | C] () -- C:\Windows\SysWow64\icrav03.rat [2009/07/14 03:34:28 | 000,001,988 | ---- | C] () -- C:\Windows\SysWow64\ticrf.rat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/14 00:41:24 | 000,093,702 | ---- | C] () -- C:\Windows\SysWow64\SubRange.uce [2009/07/14 00:41:24 | 000,060,458 | ---- | C] () -- C:\Windows\SysWow64\ideograf.uce [2009/07/14 00:41:24 | 000,024,006 | ---- | C] () -- C:\Windows\SysWow64\gb2312.uce [2009/07/14 00:41:24 | 000,016,740 | ---- | C] () -- C:\Windows\SysWow64\ShiftJIS.uce [2009/07/14 00:41:24 | 000,012,876 | ---- | C] () -- C:\Windows\SysWow64\korean.uce [2009/07/14 00:41:24 | 000,008,484 | ---- | C] () -- C:\Windows\SysWow64\kanji_2.uce [2009/07/14 00:41:24 | 000,006,948 | ---- | C] () -- C:\Windows\SysWow64\kanji_1.uce [2009/07/14 00:08:01 | 000,003,577 | ---- | C] () -- C:\Windows\SysWow64\sysprtj.sep [2009/07/14 00:08:01 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\pcl.sep [2009/07/14 00:08:01 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\pscript.sep [2009/07/14 00:06:14 | 000,004,453 | ---- | C] () -- C:\Windows\SysWow64\odbcconf.rsp [2009/07/13 23:41:10 | 000,002,233 | ---- | C] () -- C:\Windows\SysWow64\12520850.cpx [2009/07/13 23:12:16 | 000,063,411 | ---- | C] () -- C:\Windows\SysWow64\NAPCLCFG.MSC [2009/07/13 23:11:17 | 000,115,091 | ---- | C] () -- C:\Windows\SysWow64\WF.msc [2009/07/13 23:06:29 | 000,201,034 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2009/07/13 23:06:29 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2009/07/13 23:06:29 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2009/07/13 23:06:29 | 000,001,559 | ---- | C] () -- C:\Windows\SysWow64\WsmPty.xsl [2009/07/13 23:01:40 | 000,124,118 | ---- | C] () -- C:\Windows\SysWow64\comexp.msc [2009/07/13 22:55:47 | 000,144,998 | ---- | C] () -- C:\Windows\SysWow64\lusrmgr.msc [2009/07/13 22:47:53 | 000,063,070 | ---- | C] () -- C:\Windows\SysWow64\certmgr.msc [2009/07/13 22:46:10 | 000,145,127 | ---- | C] () -- C:\Windows\SysWow64\eventvwr.msc [2009/07/13 22:46:10 | 000,017,935 | ---- | C] () -- C:\Windows\SysWow64\EventViewer_EventDetails.xsl [2009/07/13 22:46:09 | 000,145,059 | ---- | C] () -- C:\Windows\SysWow64\taskschd.msc [2009/07/13 22:44:22 | 000,144,909 | ---- | C] () -- C:\Windows\SysWow64\fsmgmt.msc [2009/07/13 22:44:22 | 000,113,256 | ---- | C] () -- C:\Windows\SysWow64\compmgmt.msc [2009/07/13 22:44:22 | 000,092,745 | ---- | C] () -- C:\Windows\SysWow64\services.msc [2009/07/13 22:44:22 | 000,041,587 | ---- | C] () -- C:\Windows\SysWow64\azman.msc [2009/07/13 22:38:38 | 000,024,114 | ---- | C] () -- C:\Windows\SysWow64\lcptr.tbl [2009/07/13 22:34:35 | 000,047,679 | ---- | C] () -- C:\Windows\SysWow64\diskmgmt.msc [2009/07/13 22:33:45 | 000,000,714 | ---- | C] () -- C:\Windows\SysWow64\RestartManager.mof [2009/07/13 22:33:45 | 000,000,176 | ---- | C] () -- C:\Windows\SysWow64\RestartManagerUninstall.mof [2009/07/13 22:28:41 | 000,145,519 | ---- | C] () -- C:\Windows\SysWow64\perfmon.msc [2009/07/13 22:23:44 | 000,145,640 | ---- | C] () -- C:\Windows\SysWow64\devmgmt.msc [2009/07/13 22:20:44 | 000,144,862 | ---- | C] () -- C:\Windows\SysWow64\tpm.msc [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/13 21:22:42 | 000,195,618 | ---- | C] () -- C:\Windows\SysWow64\C_10002.NLS [2009/07/13 21:22:42 | 000,189,986 | ---- | C] () -- C:\Windows\SysWow64\C_1361.NLS [2009/07/13 21:22:42 | 000,187,938 | ---- | C] () -- C:\Windows\SysWow64\C_20005.NLS [2009/07/13 21:22:42 | 000,186,402 | ---- | C] () -- C:\Windows\SysWow64\C_20001.NLS [2009/07/13 21:22:42 | 000,185,378 | ---- | C] () -- C:\Windows\SysWow64\C_20003.NLS [2009/07/13 21:22:42 | 000,180,258 | ---- | C] () -- C:\Windows\SysWow64\C_20004.NLS [2009/07/13 21:22:42 | 000,180,258 | ---- | C] () -- C:\Windows\SysWow64\C_20000.NLS [2009/07/13 21:22:42 | 000,177,698 | ---- | C] () -- C:\Windows\SysWow64\C_10003.NLS [2009/07/13 21:22:42 | 000,173,602 | ---- | C] () -- C:\Windows\SysWow64\C_20002.NLS [2009/07/13 21:22:42 | 000,173,602 | ---- | C] () -- C:\Windows\SysWow64\C_10008.NLS [2009/07/13 21:22:42 | 000,162,850 | ---- | C] () -- C:\Windows\SysWow64\C_10001.NLS [2009/07/13 21:22:42 | 000,139,810 | ---- | C] () -- C:\Windows\SysWow64\C_20261.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_869.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_866.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_865.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_864.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_863.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_862.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_861.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_860.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_858.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_857.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_855.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_852.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_850.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_775.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_737.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_720.NLS [2009/07/13 21:22:42 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_437.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_875.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_870.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_708.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_500.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28605.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\c_28603.nls [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28599.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28598.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28597.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28596.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28595.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28594.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28593.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28592.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_28591.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_21866.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_21027.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_21025.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20924.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20905.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20880.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20871.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20866.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20838.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20833.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20424.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20423.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20420.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20297.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20290.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20269.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20127.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20108.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20107.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20106.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20105.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10082.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10081.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10079.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10029.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10021.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10017.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10010.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10007.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10006.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10005.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10004.NLS [2009/07/13 21:22:42 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_10000.NLS [2009/07/13 21:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\SysWow64\C_950.NLS [2009/07/13 21:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\SysWow64\C_949.NLS [2009/07/13 21:22:41 | 000,196,642 | ---- | C] () -- C:\Windows\SysWow64\C_936.NLS [2009/07/13 21:22:41 | 000,180,770 | ---- | C] () -- C:\Windows\SysWow64\C_20932.NLS [2009/07/13 21:22:41 | 000,177,698 | ---- | C] () -- C:\Windows\SysWow64\C_20949.NLS [2009/07/13 21:22:41 | 000,173,602 | ---- | C] () -- C:\Windows\SysWow64\C_20936.NLS [2009/07/13 21:22:41 | 000,162,850 | ---- | C] () -- C:\Windows\SysWow64\C_932.NLS [2009/07/13 21:22:41 | 000,066,594 | ---- | C] () -- C:\Windows\SysWow64\C_874.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20285.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20284.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20280.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20278.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20277.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_20273.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1258.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1257.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1256.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1255.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1254.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1253.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1252.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1251.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1149.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1148.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1147.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1146.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1145.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1144.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1143.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1142.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1141.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1140.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1047.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1026.NLS [2009/07/13 21:22:41 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_037.NLS [2009/06/10 22:48:27 | 000,009,958 | ---- | C] () -- C:\Windows\SysWow64\l_intl.nls [2009/06/10 22:48:14 | 000,066,082 | ---- | C] () -- C:\Windows\SysWow64\C_1250.NLS [2009/06/10 22:44:34 | 003,170,304 | ---- | C] () -- C:\Windows\SysWow64\boot.sdi [2009/06/10 22:42:07 | 000,004,041 | ---- | C] () -- C:\Windows\SysWow64\xwizard.dtd [2009/06/10 22:41:29 | 000,211,938 | ---- | C] () -- C:\Windows\SysWow64\lcphrase.tbl [2009/06/10 22:40:47 | 000,000,035 | ---- | C] () -- C:\Windows\SysWow64\winrm.cmd [2009/06/10 22:39:54 | 000,003,214 | ---- | C] () -- C:\Windows\SysWow64\sysprint.sep [2009/06/10 22:39:18 | 000,001,820 | ---- | C] () -- C:\Windows\SysWow64\rasctrnm.h [2009/06/10 22:38:48 | 000,113,629 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2009/06/10 22:32:07 | 000,002,060 | ---- | C] () -- C:\Windows\SysWow64\noise.jpn [2009/06/10 22:30:14 | 000,022,984 | ---- | C] () -- C:\Windows\SysWow64\bopomofo.uce [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/06/10 22:18:29 | 000,000,565 | ---- | C] () -- C:\Windows\SysWow64\NdfEventView.xml [2009/06/10 22:16:56 | 000,002,151 | ---- | C] () -- C:\Windows\SysWow64\12520437.cpx [2009/06/10 22:16:38 | 000,002,727 | ---- | C] () -- C:\Windows\SysWow64\locationnotificationsview.xml [2009/06/10 22:15:06 | 000,076,060 | ---- | C] () -- C:\Windows\SysWow64\xpsrchvw.xml [2009/06/10 22:14:28 | 003,440,660 | ---- | C] () -- C:\Windows\SysWow64\drivers\gm.dls [2009/06/10 21:52:44 | 000,316,640 | ---- | C] () -- C:\Windows\WMSysPr9.prx [2005/03/05 03:01:10 | 000,014,134 | ---- | C] () -- C:\sample.bmp ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu [2012/11/18 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Aidem Media [2012/11/08 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Bioshock [2013/01/11 12:38:55 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BITS [2012/11/30 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\CoreFTP [2012/07/13 09:05:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools Lite [2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DMCache [2012/08/24 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ESET [2012/10/15 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FarmHelper [2012/11/27 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FileZilla [2012/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGet [2012/12/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGetBHO [2012/12/18 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashgetSetup [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu [2012/06/04 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu Launch Center [2012/08/11 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu [2012/08/11 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10 [2012/12/20 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GG [2012/11/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GHISLER [2012/11/07 02:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech [2012/10/23 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\marcinc [2012/09/17 18:19:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mp3DirectCut [2012/09/16 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Need for Speed World [2012/11/14 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Nokia [2012/06/27 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Notepad++ [2013/01/05 01:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ObviousIdea [2012/07/13 09:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\OpenCandy [2012/11/14 09:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PC Suite [2013/01/08 10:06:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Podatnik.info [2012/12/16 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Proxifier [2012/08/14 05:53:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\RegistryKeys [2012/08/27 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\runic games [2013/01/05 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SendSpace [2012/10/15 10:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SFBot [2012/12/16 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SoftGrid Client [2012/09/05 00:11:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TeamViewer [2012/06/04 10:31:26 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TP [2013/01/04 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TS3Client [2012/06/06 19:55:44 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software [2013/01/11 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\uTorrent [2012/07/21 14:42:35 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Windows Live Writer [2013/01/05 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner [2012/10/11 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\WNR [2012/12/12 00:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ [2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ (C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ < End of report > [/log] Extras : [log]OTL Extras logfile created on: 1/12/2013 1:55:52 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.91 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 45.68% Memory free 7.83 Gb Paging File | 5.53 Gb Available in Paging File | 70.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 36.43 Gb Free Space | 36.43% Space Free | Partition Type: NTFS Drive D: | 177.46 Gb Total Space | 59.85 Gb Free Space | 33.72% Space Free | Partition Type: NTFS Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [compress] -- C:\Program Files (x86)\KGB Archiver\kgb_arch_compress.exe "%1\" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UacDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D3C7444-1C69-4E59-916B-3BB637F4E1A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1FDBB5DE-77A4-4BA7-BC1D-F516C4149DB1}" = lport=445 | protocol=6 | dir=in | app=system | "{5A2ABC3B-B983-4F2F-858B-4F9EEF7507B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5ABD13BD-EBB8-4544-AA23-8E1E4C19F8F7}" = rport=139 | protocol=6 | dir=out | app=system | "{651DA4E3-D290-42D8-9ECF-B1483DB6A527}" = lport=137 | protocol=17 | dir=in | app=system | "{76660C80-5B13-428B-A251-1F9A49B4ABD1}" = rport=445 | protocol=6 | dir=out | app=system | "{A049EC57-EBE1-47F6-88A2-82989EDBB2AE}" = rport=137 | protocol=17 | dir=out | app=system | "{C3642F39-5605-4E86-A500-DE31032DF621}" = lport=138 | protocol=17 | dir=in | app=system | "{C5E8D838-E07E-48EB-A5F9-147C047555DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C789ABC1-1764-4ACA-ADAB-251C5AA9AC1D}" = lport=139 | protocol=6 | dir=in | app=system | "{CC4F8A4B-119A-4038-B22E-6130FBF55D3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E92427A7-1A1E-4439-AE68-5A9408CEB32B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE217E2B-0876-4358-998C-B2EDA8CF1E6F}" = rport=138 | protocol=17 | dir=out | app=system | "{FFF96442-F3C4-4DC5-9906-6EDA5BA31E71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0757317E-8F17-427B-8063-778D1D198787}" = protocol=58 | dir=in | app=system | "{09C6EE5F-EDAA-4ABE-82DE-05837D1B453E}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe | "{0D59CE62-131E-4B8F-9A71-C0C128AE88AD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{2C9426FE-8493-4A8C-81A1-959C92C6F68D}" = dir=out | app=d:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{331BA8FD-73E9-4BD3-A7A9-D95235CA706D}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013.exe | "{3422F8DD-4E43-4DB7-BC2F-7F68F07CB55B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{352961E2-0D49-4035-BBE4-2C68EF87222E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{501FBF96-934B-4A3F-A5B1-EF047D6123C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6D878FD3-5359-4F75-9203-30D7AEAED574}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{79B919AC-1015-4621-A074-582B23E57719}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7AF432BC-7176-4CBB-9FAB-7767FE303046}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7F15B47E-5BF9-491A-9201-196133556063}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{83F92B75-C9FB-4732-9CDB-CC75FE92C42D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{8D838E4A-48B5-4087-A4F4-B600F347EC11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{90F52B9F-782D-4239-9103-25F0AC00D585}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{9791E3C3-06B2-46D5-A7CD-47D3E0C35386}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A1D6C9CA-B51B-425B-AF68-4F2E6EDBF09D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pinkibezmozga\counter-strike\hl.exe | "{AD576577-7128-4F84-A1CF-E69DFFD4E14E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B1367F91-6C8E-418C-BF42-5984073A9DED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{BBA329D2-460B-43BF-9EA9-357AB9F4C311}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CDCA1244-187A-433B-8948-1D139F247F41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D01BAFF6-C002-42A5-B7AA-154264ED81FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D3C24ED2-5C2C-4C39-B13F-EC9B9C52D67F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{DA61EE37-43B9-4126-9EDE-50DA17C27C82}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F25119B5-239F-41E7-BAD8-226BB8C8145C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pinkibezmozga\counter-strike\hl.exe | "{FB5A1E4D-C6C5-4B26-AA8D-43B0AFB4948D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{0518DDFB-2FB0-4039-AD2C-FC0943CB5136}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{238E77E6-ADBB-4EA3-A813-7ACB2A4B298E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{5971BC82-8C99-48E3-90FA-D3B77602D6B3}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=6 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin | "TCP Query User{6B341D32-27F3-4410-A00B-4B9A836FA085}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe | "UDP Query User{15658E78-0492-4C71-9DB5-8ECA9BFE3D9A}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=17 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin | "UDP Query User{1A1AF71B-B5BE-4003-8068-B23E03D5668A}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe | "UDP Query User{6A9FF406-086D-495D-BDD6-452659A3B94B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{CACC6D91-0A33-4F70-BBBF-533F704955F2}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37993A79-5D36-4227-B8E8-9BDE95B2CE45}" = Bolek i Lolek - Alfabet i nauka czytania "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{52644103-70EE-47F6-9BBB-AA4514B59615}_is1" = Farming Simulator 2013 "{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{606E1B88-065A-41C6-B996-287A0E756FB0}_is1" = EGCabal Online version 2.1.0 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{BE739BC7-030F-4CAA-A6F9-EA59405B7E32}" = Program PIT 2012-2013 "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "ASCII Art Generator_is1" = ASCII Art Generator 3.2.2 "AutoItv3" = AutoIt v3.3.8.1 "avast" = avast! Free Antivirus "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "DAEMON Tools Lite" = DAEMON Tools Lite "DeskUpdate_is1" = DeskUpdate 4.11 "FlashGet3.7" = FlashGet3.7 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{AFFC0877-D62C-4A7D-A11F-1E73B5800D13}" = Bioshock "InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "KGB Archiver_is1" = KGB Archiver 1.2.1.24 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4 "LogMeIn Hamachi" = LogMeIn Hamachi "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL "Proxifier_is1" = Proxifier version 3.21 "QuicktimeAlt_is1" = QuickTime Alternative 2.9.2 "RealPlayer 15.0" = RealPlayer "SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012 "Serenity GamerZ Revolution Client Revolution" = Serenity GamerZ Revolution Client Revolution "Steam App 10" = Counter-Strike "SubEdit-Player_is1" = SubEdit-Player "TeamViewer 7" = TeamViewer 7 "TuneUp Utilities 2012_is1" = TuneUp Utilities 2012 wersja 12.0.3500.29 "TunnelBear" = TunnelBear 1.0.36 "uTorrent" = µTorrent "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bitowy) "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.73 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DDFinal" = DDFinal "GG" = GG "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/10/2013 7:26:31 AM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Nazwa modułu powodującego błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e10b Identyfikator procesu powodującego błąd: 0x1214 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdef153ead16d3 Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Identyfikator raportu: 945c57ae-5b18-11e2-bd65-4c809354acd0 Error - 1/10/2013 8:51:51 AM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Nazwa modułu powodującego błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e10b Identyfikator procesu powodującego błąd: 0x12ac Godzina uruchomienia aplikacji powodującej błąd: 0x01cdef25616a7a5c Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Identyfikator raportu: 806df981-5b24-11e2-bd65-4c809354acd0 Error - 1/10/2013 4:24:43 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/10/2013 5:47:00 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 4:23:58 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 10:36:22 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 11:56:18 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 4:01:39 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 6:41:09 PM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Nazwa modułu powodującego błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e10b Identyfikator procesu powodującego błąd: 0x1358 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf0375ce966fc Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Identyfikator raportu: fd95085e-5c3f-11e2-874a-4c809354acd0 Error - 1/11/2013 8:47:17 PM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: sro_client.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4e311cb6 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.17725, sygnatura czasowa: 0x4ec49b8f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0003331f Identyfikator procesu powodującego błąd: 0x11d8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf05e497c7d3f Ścieżka aplikacji powodującej błąd: C:\Users\Dom\Downloads\Special-Sro+Game+ver+196\Special-Sro Game\sro_client.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 9c6f9293-5c51-11e2-874a-4c809354acd0 [ System Events ] Error - 1/11/2013 8:13:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:13:31 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:14:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:14:31 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:15:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:15:31 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:16:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:16:31 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:17:01 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/11/2013 8:18:49 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 < End of report > [/log] Dobrze zrobilem? Czy mamzrobic z 360 dni? Bo zrobilem tylko z 60 A to z 2 programu info [log]info.txt logfile of random's system information tool 1.09 2013-01-12 02:22:58 ======Uninstall list====== -->"D:\Program Files (x86)\cdp.pl\Farming Simulator 2013\unins000.exe" -->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D} µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin Adobe Reader X (10.1.4) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AA1000000001} ALLPlayer V4.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe" Anytime USB Charge Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}\setup.exe" -runfromtemp -l0x0409 -removeonly ASCII Art Generator 3.2.2-->"C:\Program Files (x86)\ASCII Art Generator\unins000.exe" AutoIt v3.3.8.1-->C:\Program Files (x86)\AutoIt3\Uninstall.exe avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Bioshock-->C:\Program Files (x86)\InstallShield Installation Information\{AFFC0877-D62C-4A7D-A11F-1E73B5800D13}\setup.exe -runfromtemp -l0x0419 Bolek i Lolek - Alfabet i nauka czytania-->MsiExec.exe /I{37993A79-5D36-4227-B8E8-9BDE95B2CE45} Cheat Engine 6.2-->"C:\Program Files (x86)\Cheat Engine 6.2\unins000.exe" Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544} Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3} Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B} Counter-Strike-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10 CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe DeskUpdate 4.11-->"c:\Fujitsu\Programs\DeskUpdate\unins000.exe" EGCabal Online version 2.1.0-->"D:\Program Files (x86)\EGCabal Online\unins000.exe" Farming Simulator 2013-->"D:\Program Files (x86)\cdp.pl\Farming Simulator 2013\unins000.exe" FJ Camera-->C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly FlashGet3.7-->C:\Program Files (x86)\FlashGet Network\FlashGet 3\uninst.exe Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7} Fujitsu Display Manager-->C:\Program Files (x86)\InstallShield Installation Information\{4108974B-DE87-4AD4-9167-930C62C45691}\setup.exe -runfromtemp -l0x0409 Fujitsu Hotkey Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{C8E4B31D-337C-483D-822D-16F11441669B}\setup.exe" -runfromtemp -l0x0409 -removeonly Fujitsu Hotkey Utility-->MsiExec.exe /X{C8E4B31D-337C-483D-822D-16F11441669B} Fujitsu MobilityCenter Extension Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{EC314CDF-3521-482B-A21C-65AC95664814}\setup.exe" -runfromtemp -l0x0409 -removeonly Fujitsu System Extension Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}\setup.exe" -runfromtemp -l0x0409 -removeonly Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4} Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66} Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall Intel(R) WiDi-->MsiExec.exe /X{25680C01-6753-4FE9-A891-7857F26457C1} Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF} Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} KGB Archiver 1.2.1.24-->"C:\Program Files (x86)\KGB Archiver\unins000.exe" K-Lite Mega Codec Pack 5.4.4-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" LifeBook Application Panel-->"C:\Program Files (x86)\InstallShield Installation Information\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}\setup.exe" -runfromtemp -l0x0409 -removeonly LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {106B4413-ACBB-4CDE-8707-587DB9BD77EC} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{106B4413-ACBB-4CDE-8707-587DB9BD77EC} McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{887868A2-D6DE-3255-AA92-AA0B5A59B874} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Mozilla Firefox 18.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D} MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Need For Speed™ World-->"D:\Program Files (x86)\Electronic Arts\Need For Speed World\unins000.exe" Nokia Connectivity Cable Driver-->MsiExec.exe /I{A57025CC-5F2E-4D01-B387-06DB10500D43} Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D} Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706} Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31} PC Connectivity Solution-->MsiExec.exe /I{644F4910-E812-49AD-93EC-86828CB81A0D} Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1} Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Power Saving Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{49A588CF-5FD4-4774-BFBF-0764287DE82B}\setup.exe" -runfromtemp -l0x0409 -removeonly PremiumSoft Navicat 8.0 for MySQL-->"C:\Program Files (x86)\PremiumSoft\Navicat 8.0 MySQL\unins000.exe" Program PIT 2012-2013-->MsiExec.exe /I{BE739BC7-030F-4CAA-A6F9-EA59405B7E32} Proxifier version 3.21-->"C:\Program Files (x86)\Proxifier\unins000.exe" QuickTime Alternative 2.9.2-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe" RaiderZ-->"D:\Program Files (x86)\RaiderZOnline\unins000.exe" RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0 Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} SciTE4AutoIt3 6/10/2012-->C:\Program Files (x86)\AutoIt3\SciTE\uninst.exe Security Update for Microsoft .NET Framework 4.5 (KB2729460)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {E7013CF5-8910-3109-93B6-7447D0371F4E} Security Update for Microsoft .NET Framework 4.5 (KB2737083)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {00909A54-CC11-3F00-9279-3CE090432A91} Serenity GamerZ Revolution Client Revolution-->C:\Program Files (x86)\SerenityGamerZ\Cabal\Uninstall.exe Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubEdit-Player-->"C:\Program Files (x86)\SubEdit-Player\unins000.exe" TeamViewer 7-->C:\Program Files (x86)\TeamViewer\Version7\uninstall.exe TuneUp Utilities 2012 wersja 12.0.3500.29-->"C:\Program Files (x86)\TuneUp Utilities 2012\unins000.exe" TunnelBear 1.0.36-->C:\Program Files (x86)\TunnelBear\uninst.exe Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E} Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84} Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E} Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176} Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199} Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11} Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C} Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678} Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576} Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72} Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7} Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B} Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA} Windows Live Messenger-->MsiExec.exe /X{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8} Windows Live Messenger-->MsiExec.exe /X{4A275FD1-2F24-4274-8C01-813F5AD1A92D} Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2} Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660} Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE} Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341} Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB} Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896} Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538} Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B} Windows Live UX Platform Language Pack-->MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248} Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16} Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194} Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6} Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040} Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC} Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5} Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F} Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F} Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C} Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80} Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR 4.11 (32-bitowy)-->C:\Program Files (x86)\WinRAR\uninstall.exe Wise Disk Cleaner 7.73-->"C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.exe" ======System event log====== Computer Name: Dom-Komputer Event Code: 7023 Message: Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Record Number: 378752 Source Name: Service Control Manager Time Written: 20121225130359.959697-000 Event Type: Błędy User: Computer Name: Dom-Komputer Event Code: 7036 Message: Usługa Instalator modułów systemu Windows weszła w stan zatrzymania. Record Number: 378751 Source Name: Service Control Manager Time Written: 20121225130359.959697-000 Event Type: Informacje User: Computer Name: Dom-Komputer Event Code: 7023 Message: Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Record Number: 378750 Source Name: Service Control Manager Time Written: 20121225130330.129917-000 Event Type: Błędy User: Computer Name: Dom-Komputer Event Code: 7036 Message: Usługa Instalator modułów systemu Windows weszła w stan zatrzymania. Record Number: 378749 Source Name: Service Control Manager Time Written: 20121225130330.129917-000 Event Type: Informacje User: Computer Name: Dom-Komputer Event Code: 7023 Message: Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: Nie można odnaleźć określonego modułu. Record Number: 378748 Source Name: Service Control Manager Time Written: 20121225130300.468924-000 Event Type: Błędy User: =====Application event log===== Computer Name: LIFEBOOK Event Code: 35 Message: Record Number: 5 Source Name: NIS Time Written: 20120531214808.000000-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LIFEBOOK Event Code: 34 Message: Record Number: 4 Source Name: NIS Time Written: 20120531214807.000000-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LIFEBOOK Event Code: 0 Message: Record Number: 3 Source Name: Bluetooth Device Monitor Time Written: 20120531214806.000000-000 Event Type: Informacje User: Computer Name: LIFEBOOK Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20120531214758.372522-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LIFEBOOK Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20120531214758.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: Dom-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DOM-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x358 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 319978 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130102180224.045027-000 Event Type: Sukcesy inspekcji User: Computer Name: Dom-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 319977 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130102180154.014974-000 Event Type: Sukcesy inspekcji User: Computer Name: Dom-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DOM-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x358 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 319976 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130102180154.014974-000 Event Type: Sukcesy inspekcji User: Computer Name: Dom-Komputer Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 319975 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130102180123.984922-000 Event Type: Sukcesy inspekcji User: Computer Name: Dom-Komputer Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DOM-KOMPUTER$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x358 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 319974 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130102180123.984922-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dom\AppData\Local\Smartbar\Application\;C:\Users\Dom\AppData\Local\Smartbar\Application\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 -----------------EOF----------------- [/log] i log [log]Logfile of random's system information tool 1.09 (written by random/random) Run by Dom at 2013-01-12 02:22:22 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 37 GB (36%) free of 102 GB Total RAM: 4009 MB (61% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:22:48, on 2013-01-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Users\Dom\Downloads\OTL.exe C:\Users\Dom\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Dom.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110824&tt=4712_5&babsrc=HP_ss&mntrId=ae31ac310000000000004c809354accd R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.102.16.69:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Dom\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user') O4 - .DEFAULT User Startup: newreminderdialog.lnk = C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (User 'Default user') O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PFNService - FUJITSU LIMITED - C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem -- End of file - 12447 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000UA.job =========Mozilla firefox========= ProfilePath - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xmwk5cuo.default prefs.js - "browser.startup.homepage" - "https://www.google.pl/" prefs.js - "keyword.URL" - "http://websearch.just-browse.info/?l=1&q=" "{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext "ocr@babylon.com"=C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\SysWOW64\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame] "Description"=Nexon Game Controller "Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53] "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In "Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53] "Description"=RealJukebox Netscape Plugin "Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53] "Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In "Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53] "Description"=RealPlayer(tm) HTML5VideoShim Plug-In "Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53] "Description"=RealPlayer Download Plugin "Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll nppdf32.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files (x86)\Mozilla Firefox\searchplugins\ allegro-pl.xml babylon.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xmwk5cuo.default\extensions\ 50e76b2c4f976@50e76b2c4f9af.com C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xmwk5cuo.default\searchplugins\ WebSearch.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-04 425680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-24 449512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-23 998560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}] FlashGetBHO - C:\Users\Dom\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-07 149168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-11-23 37376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} {98889811-442D-49dd-99D7-DC866BE87DBC} {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-23 998560] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IndicatorUtility"=C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2010-09-30 48752] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-02-23 4031368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flashget3.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hamachi-2-ui.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steam.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unite.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.siren"=sirenacm.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "msacm.ac3filter"=ac3filter.acm ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2013-01-12 02:22:22 ----D---- C:\rsit 2013-01-12 02:22:22 ----D---- C:\Program Files (x86)\trend micro 2013-01-11 15:04:29 ----D---- C:\ProgramData\Electronic Arts 2013-01-10 23:04:05 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-01-08 17:12:20 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll 2013-01-08 17:12:20 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-01-08 17:12:19 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll 2013-01-08 17:12:17 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-01-08 17:12:16 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll 2013-01-08 17:12:15 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll 2013-01-08 17:12:14 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll 2013-01-08 17:12:13 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll 2013-01-08 17:12:12 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-01-08 17:12:11 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll 2013-01-08 17:12:11 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll 2013-01-08 17:12:10 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-01-08 17:12:09 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll 2013-01-08 17:12:07 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll 2013-01-08 17:12:05 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll 2013-01-08 17:12:04 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll 2013-01-08 17:12:02 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2013-01-08 17:11:57 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2013-01-08 17:11:56 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2013-01-08 17:11:55 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2013-01-08 17:11:55 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-01-08 17:11:53 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-01-08 17:11:51 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2013-01-08 17:11:49 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2013-01-08 17:11:49 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-01-08 17:11:48 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2013-01-08 17:11:48 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-01-08 17:11:46 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2013-01-08 17:11:46 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-01-08 17:11:45 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2013-01-08 17:11:44 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2013-01-08 17:11:44 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-01-08 17:11:42 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2013-01-08 17:11:41 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2013-01-08 17:11:41 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-01-08 17:11:40 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2013-01-08 17:11:39 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-01-08 17:11:38 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2013-01-08 17:11:38 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-01-08 17:11:36 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2013-01-08 10:06:06 ----D---- C:\Users\Dom\AppData\Roaming\Podatnik.info 2013-01-08 09:58:32 ----D---- C:\Program Files (x86)\Podatnik.info Sp z o.o 2013-01-05 14:55:21 ----D---- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner 2013-01-05 14:54:51 ----D---- C:\Program Files (x86)\Wise 2013-01-05 02:36:44 ----A---- C:\Windows\SysWOW64\aswBoot.exe 2013-01-05 02:36:44 ----A---- C:\Windows\avastSS.scr 2013-01-05 01:54:35 ----D---- C:\Program Files (x86)\SerenityGamerZ 2013-01-05 00:32:37 ----D---- C:\Users\Dom\AppData\Roaming\SendSpace 2013-01-05 00:32:20 ----D---- C:\Program Files (x86)\Optimizer Pro 2013-01-05 00:32:07 ----D---- C:\Program Files (x86)\BrowseToSave 2013-01-05 00:32:02 ----D---- C:\ProgramData\Browse2save 2013-01-05 00:31:43 ----D---- C:\ProgramData\InstallMate 2013-01-02 18:42:57 ----D---- C:\Users\Dom\AppData\Roaming\Mozilla 2013-01-02 18:42:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-01-02 18:38:18 ----D---- C:\Windows\SysWOW64\searchplugins 2013-01-02 18:38:18 ----D---- C:\Windows\SysWOW64\Extensions 2012-12-31 14:22:54 ----D---- C:\Users\Dom\AppData\Roaming\ObviousIdea 2012-12-31 14:21:54 ----D---- C:\Program Files (x86)\Babylon 2012-12-31 14:20:46 ----D---- C:\Program Files (x86)\ObviousIdea 2012-12-30 23:19:49 ----D---- C:\ProgramData\AVG2013 2012-12-30 23:15:58 ----D---- C:\ProgramData\MFAData 2012-12-30 21:42:15 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2012-12-30 18:08:47 ----D---- C:\Users\Dom\AppData\Roaming\Skype 2012-12-30 18:08:32 ----RD---- C:\Program Files (x86)\Skype 2012-12-30 18:08:32 ----D---- C:\Program Files (x86)\Common Files\Skype 2012-12-30 18:08:05 ----D---- C:\ProgramData\Skype 2012-12-30 17:56:15 ----D---- C:\Program Files (x86)\Cheat Engine 6.2 2012-12-30 13:51:28 ----A---- C:\Windows\SysWOW64\libmysql41.dll 2012-12-30 13:51:28 ----A---- C:\Windows\SysWOW64\libmysql40.dll 2012-12-30 13:51:28 ----A---- C:\Windows\SysWOW64\libmysql323.dll 2012-12-30 13:51:28 ----A---- C:\Windows\SysWOW64\libmysql320.dll 2012-12-25 14:13:47 ----D---- C:\Downloads 2012-12-20 17:07:08 ----N---- C:\bootsqm.dat 2012-12-20 17:05:43 ----SHD---- C:\found.002 2012-12-19 09:15:39 ----D---- C:\ProgramData\IObit 2012-12-19 09:15:38 ----D---- C:\Program Files (x86)\IObit 2012-12-18 14:14:07 ----A---- C:\Windows\SysWOW64\secustat.dat 2012-12-18 14:05:57 ----A---- C:\Windows\SysWOW64\gamelsp.dll 2012-12-18 13:50:33 ----A---- C:\Windows\SysWOW64\secushr.dat 2012-12-18 13:49:54 ----A---- C:\Windows\emcore.INI 2012-12-18 13:46:08 ----D---- C:\Users\Dom\AppData\Roaming\FlashgetSetup 2012-12-18 13:46:08 ----D---- C:\Users\Dom\AppData\Roaming\BITS 2012-12-18 13:45:56 ----D---- C:\Users\Dom\AppData\Roaming\FlashGetBHO 2012-12-18 13:45:52 ----D---- C:\Users\Dom\AppData\Roaming\FlashGet 2012-12-18 13:45:52 ----D---- C:\Program Files (x86)\FlashGet Network 2012-12-16 14:46:23 ----D---- C:\Users\Dom\AppData\Roaming\Proxifier 2012-12-16 14:46:13 ----A---- C:\Windows\SysWOW64\SPORDER.DLL 2012-12-16 14:46:13 ----A---- C:\Windows\SysWOW64\PrxerNsp.dll 2012-12-16 14:46:13 ----A---- C:\Windows\SysWOW64\PrxerDrv.dll 2012-12-16 14:46:13 ----A---- C:\Windows\SysWOW64\ProxifierShellExt.dll 2012-12-16 14:46:12 ----D---- C:\Program Files (x86)\Proxifier 2012-12-14 11:37:30 ----D---- C:\ProgramData\3DMGAME 2012-12-13 18:35:09 ----D---- C:\ProgramData\Connectify 2012-12-12 00:34:23 ----D---- C:\Users\Dom\AppData\Roaming\YourFileDownloader 2012-12-12 00:34:23 ----D---- C:\Program Files (x86)\YourFileDownloader 2012-12-12 00:30:33 ----D---- C:\ProgramData\Microsoft Help 2012-12-11 19:36:12 ----D---- C:\Program Files (x86)\LogMeIn Hamachi 2012-12-06 14:51:45 ----D---- C:\ProgramData\RELOADED 2012-12-06 11:47:11 ----D---- C:\Windows\SysWOW64\directx 2012-11-30 14:22:45 ----D---- C:\Program Files (x86)\AutoIt3 2012-11-29 17:57:56 ----A---- C:\Windows\SysWOW64\libmysql_c.dll 2012-11-18 10:51:32 ----D---- C:\Users\Dom\AppData\Roaming\Aidem Media 2012-11-14 21:48:42 ----D---- C:\Program Files (x86)\NCSoft 2012-11-14 09:43:00 ----D---- C:\Users\Dom\AppData\Roaming\PC Suite 2012-11-14 09:42:59 ----D---- C:\Users\Dom\AppData\Roaming\Nokia 2012-11-14 09:42:59 ----D---- C:\ProgramData\PC Suite 2012-11-14 09:40:41 ----D---- C:\Program Files (x86)\PC Connectivity Solution 2012-11-14 09:40:10 ----D---- C:\Program Files (x86)\Nokia 2012-11-14 09:39:11 ----D---- C:\ProgramData\Installations 2012-11-07 17:21:26 ----D---- C:\Users\Dom\AppData\Roaming\Bioshock 2012-11-07 17:21:21 ----RHD---- C:\Users\Dom\AppData\Roaming\SecuROM 2012-11-07 02:40:22 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe 2012-11-07 02:40:16 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe 2012-11-07 02:35:25 ----D---- C:\Users\Dom\AppData\Roaming\Leadertech 2012-11-07 02:26:07 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2012-11-07 02:26:07 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2012-11-07 02:26:06 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2012-11-07 02:26:05 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2012-11-07 02:26:05 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2012-11-07 02:26:02 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2012-11-07 02:26:01 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2012-11-07 02:25:59 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2012-11-07 02:25:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2012-11-07 02:25:56 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2012-11-07 02:25:56 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2012-11-07 02:25:54 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2012-11-07 02:25:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2012-11-07 02:25:51 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2012-11-07 02:25:50 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2012-11-07 02:25:50 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2012-11-07 02:25:49 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2012-11-07 02:25:48 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2012-11-07 02:25:46 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2012-11-07 02:25:46 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2012-11-07 02:25:45 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2012-11-07 02:25:43 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2012-11-07 02:25:43 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2012-11-07 02:25:40 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2012-11-07 02:25:39 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2012-11-07 02:25:39 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2012-11-07 02:25:38 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2012-11-07 02:25:35 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2012-11-07 02:25:35 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2012-11-07 02:25:33 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2012-11-07 02:25:32 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2012-11-07 02:25:31 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2012-11-07 02:25:30 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2012-11-07 02:25:30 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2012-11-07 02:25:29 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2012-11-07 02:25:22 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2012-11-07 02:25:20 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2012-11-07 02:25:20 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2012-11-07 02:25:19 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2012-11-07 02:25:16 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2012-11-07 02:25:14 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2012-11-07 02:25:12 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2012-11-07 02:25:11 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2012-11-07 02:25:09 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2012-11-05 14:17:37 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2012-11-01 10:13:49 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-10-23 13:16:50 ----D---- C:\Users\Dom\AppData\Roaming\marcinc 2012-10-23 13:12:56 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-10-23 13:12:56 ----A---- C:\Windows\SysWOW64\javaw.exe 2012-10-23 13:12:56 ----A---- C:\Windows\SysWOW64\java.exe 2012-10-22 23:05:16 ----D---- C:\Program Files (x86)\PHP 2012-10-15 11:17:14 ----D---- C:\Users\Dom\AppData\Roaming\FarmHelper 2012-10-15 10:51:49 ----D---- C:\Users\Dom\AppData\Roaming\SFBot ======List of files/folders modified in the last 3 months====== 2013-01-12 02:22:34 ----D---- C:\Windows\Temp 2013-01-12 02:22:22 ----RD---- C:\Program Files (x86) 2013-01-12 01:22:36 ----D---- C:\Program Files (x86)\TunnelBear 2013-01-11 23:41:49 ----D---- C:\Windows\SysWOW64\drivers 2013-01-11 21:04:17 ----A---- C:\Windows\SysWOW64\log.txt 2013-01-11 21:02:45 ----D---- C:\Windows 2013-01-11 17:21:42 ----D---- C:\Windows\inf 2013-01-11 16:07:09 ----SHD---- C:\System Volume Information 2013-01-11 15:34:00 ----D---- C:\Users\Dom\AppData\Roaming\uTorrent 2013-01-11 15:04:29 ----HD---- C:\ProgramData 2013-01-11 14:58:16 ----D---- C:\Windows\Prefetch 2013-01-10 10:25:58 ----D---- C:\Windows\Tasks 2013-01-10 08:56:43 ----D---- C:\Windows\System32 2013-01-08 17:12:20 ----D---- C:\Windows\SysWOW64 2013-01-08 17:11:03 ----RSD---- C:\Windows\assembly 2013-01-08 17:09:16 ----D---- C:\Windows\Logs 2013-01-08 09:58:57 ----SHD---- C:\Windows\Installer 2013-01-08 09:58:57 ----SHD---- C:\Config.Msi 2013-01-05 15:19:49 ----D---- C:\Windows\SoftwareDistribution 2013-01-05 15:15:30 ----D---- C:\Windows\debug 2013-01-05 14:57:41 ----SHD---- C:\found.001 2013-01-05 14:57:41 ----SHD---- C:\found.000 2013-01-05 14:57:40 ----D---- C:\Program Files (x86)\DDFinal 2013-01-05 14:56:39 ----D---- C:\Windows\Panther 2013-01-05 14:56:39 ----D---- C:\Windows\ModemLogs 2013-01-05 14:56:39 ----D---- C:\Windows\Downloaded Program Files 2013-01-05 02:40:43 ----RD---- C:\Program Files 2013-01-05 02:36:27 ----D---- C:\ProgramData\AVAST Software 2013-01-05 01:49:11 ----SD---- C:\Users\Dom\AppData\Roaming\Microsoft 2013-01-05 01:11:39 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-01-04 18:13:16 ----D---- C:\Users\Dom\AppData\Roaming\TS3Client 2012-12-30 23:35:55 ----D---- C:\Windows\Minidump 2012-12-30 18:08:32 ----D---- C:\Program Files (x86)\Common Files 2012-12-25 16:07:01 ----RSD---- C:\Windows\Fonts 2012-12-20 13:21:44 ----D---- C:\Program Files (x86)\RelevantKnowledge 2012-12-20 12:53:22 ----D---- C:\Users\Dom\AppData\Roaming\GG 2012-12-20 12:51:12 ----D---- C:\Program Files (x86)\SpeedyDrive 2012-12-16 17:25:41 ----D---- C:\Users\Dom\AppData\Roaming\SoftGrid Client 2012-12-13 18:30:38 ----D---- C:\Program Files (x86)\uTorrent 2012-12-12 19:43:30 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-11-30 19:45:23 ----D---- C:\Users\Dom\AppData\Roaming\CoreFTP 2012-11-30 14:22:51 ----D---- C:\Windows\ShellNew 2012-11-29 17:57:53 ----D---- C:\Program Files (x86)\PremiumSoft 2012-11-27 21:03:31 ----D---- C:\Users\Dom\AppData\Roaming\GHISLER 2012-11-27 20:34:20 ----D---- C:\Users\Dom\AppData\Roaming\FileZilla 2012-11-17 20:28:03 ----D---- C:\Windows\Microsoft.NET 2012-11-14 14:09:31 ----D---- C:\Program Files (x86)\Steam 2012-11-14 14:06:34 ----D---- C:\Program Files (x86)\Common Files\Steam 2012-11-14 13:54:49 ----D---- C:\Program Files (x86)\Gadu-Gadu 10 2012-11-02 21:31:18 ----D---- C:\Users\Dom\AppData\Roaming\DMCache 2012-11-01 09:20:34 ----D---- C:\Program Files (x86)\Electronic Arts 2012-11-01 09:20:09 ----D---- C:\Program Files (x86)\Metin2pl 2012-11-01 09:20:03 ----D---- C:\Program Files (x86)\Metin2 Singapore 2012-10-27 16:43:43 ----D---- C:\ProgramData\Real 2012-10-27 16:43:36 ----D---- C:\Users\Dom\AppData\Roaming\Real 2012-10-26 18:15:23 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2012-10-26 18:13:27 ----D---- C:\Windows\SysWOW64\en-US 2012-10-23 13:12:56 ----D---- C:\Program Files (x86)\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 FBIOSDRV;Fujitsu BIOS Driver; C:\Windows\System32\Drivers\FBIOSDRV.sys [] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [] R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys [] R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys [] R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys [] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys [] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [] R3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [] R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [] R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [] R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\Windows\system32\DRIVERS\FUJ02B1.sys [] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\Windows\system32\drivers\FUJ02E3.sys [] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [] R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [] R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [] R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [] R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [] R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [] S3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [] S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [] S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [] S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [] S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [] S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [] S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-02-23 44768] R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088] R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-01-05 1515792] R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168] R2 PFNService;PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776] R2 PowerSavingUtilityService;PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-01-05 836880] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-13 2143552] R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04 136176] S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-10 115760] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2012-05-15 4295288] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-14 529744] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S4 NetMsmqActivator;@C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696] S4 NetPipeActivator;@C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696] S4 NetTcpActivator;@C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696] S4 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF----------------- [/log]
Natsuki Kuga komentarz 12 stycznia 2013 komentarz 12 stycznia 2013 Wylistowanie plików z ostatnich 60 dni wystarczy.1. Zaktualizuj wymienione pozycje do najnowszych wersji: Java™ 6 Update 24 Mozilla Firefox 18.0 (x86 pl) 2. Odinstaluj McAfee Security Scan.3. Do OTL wklej: [spoiler] :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/ IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0004c809354accd IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms} IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0004c809354accd IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms} FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch" FF - prefs.js..browser.search.defaulturl: "http://websearch.jus...se.info/?l=1&q=" FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..browser.search.order.1,S: S", "WebSearch" FF - prefs.js..browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://websearch.jus...se.info/?l=1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "WebSearch" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.startup.homepage: "http://websearch.just-browse.info/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://websearch.jus...se.info/?l=1&q=" FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2012/12/31 14:22:00 | 000,000,000 | ---D | M] [2013/01/05 00:32:48 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions\50e76b2c4f976@50e76b2c4f9af.com [2013/01/05 00:32:34 | 000,000,556 | ---- | M] () -- C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\searchplugins\WebSearch.xml [2012/11/24 20:12:52 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml CHR - homepage: http://websearch.just-browse.info/ CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = http://websearch.jus...q={searchTerms} CHR - default_search_provider: suggest_url = http://websearch.jus...q={searchTerms} CHR - homepage: http://websearch.just-browse.info/ O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk = File not found O33 - MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\Shell - "" = AutoRun O33 - MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta :Files C:\Program Files (x86)\Babylon C:\ProgramData\Browse2save C:\Program Files (x86)\BrowseToSave C:\Users\Dom\wgsdgsdgdsgsd.dll C:\ProgramData\dsgsdgdsgdsgw.pad C:\Users\Dom\tiuopu.exe C:\Program Files (x86)\RelevantKnowledge [/spoiler]Wykonaj skrypt, pokaż raport.4. Użyj AdwCleaner z opcji Delete. Pokaż raport.5. Podepnij wszystkie pamięci przenośne jakie posiadasz i użyj USBFix z opcji Deletion. Pokaż raport.6. Po zrobieniu wszystkiego wykonaj nowy zestaw logów.
daro99 komentarz 12 stycznia 2013 Autor komentarz 12 stycznia 2013 (edytowane) Przeszedlem do 3 punktu i : http://imageshack.us/f/688/trojanotl.png/ + do tego wkleilem skrypt ktory ty mi dales to po zrestartowaniu kompa mam czarny ekran, musze wlaczac menardzer zadan i wylaczac jakies cos, bo bym mial caly czas czarny ekran po wklejeniu skryptu : [log]========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found. Prefs.js: "WebSearch" removed from browser.search.defaultenginename Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S Prefs.js: "http://websearch.jus...se.info/?l=1&q=" removed from browser.search.defaulturl Prefs.js: "WebSearch" removed from browser.search.order.1 Prefs.js: S", "WebSearch" removed from browser.search.order.1,S Prefs.js: "WebSearch" removed from browser.search.selectedEngine Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 removed from extensions.enabledAddons Prefs.js: "http://websearch.jus...se.info/?l=1&q=" removed from keyword.URL Prefs.js: "WebSearch" removed from sweetim.toolbar.previous.browser.search.defaultenginename Prefs.js: "WebSearch" removed from sweetim.toolbar.previous.browser.search.selectedEngine Prefs.js: "http://websearch.just-browse.info/" removed from browser.startup.homepage Prefs.js: "http://websearch.jus...se.info/?l=1&q=" removed from sweetim.toolbar.previous.keyword.URL Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com not found. File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com not found. Folder C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions\50e76b2c4f976@50e76b2c4f9af.com\ not found. File C:\Users\Dom\AppData\Roaming\mozilla\firefox\profiles\xmwk5cuo.default\searchplugins\WebSearch.xml not found. File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to change the HomePage. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk scheduled to be moved on reboot. File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk scheduled to be moved on reboot. File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk scheduled to be moved on reboot. File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41eb6bbb-f41d-11e1-bdca-de02d1722adf}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found. ========== FILES ========== File\Folder C:\Program Files (x86)\Babylon not found. File\Folder C:\ProgramData\Browse2save not found. File\Folder C:\Program Files (x86)\BrowseToSave not found. File\Folder C:\Users\Dom\wgsdgsdgdsgsd.dll not found. File\Folder C:\ProgramData\dsgsdgdsgdsgw.pad not found. File\Folder C:\Users\Dom\tiuopu.exe not found. File\Folder C:\Program Files (x86)\RelevantKnowledge not found. OTL by OldTimer - Version 3.2.69.0 log created on 01132013_005614 Files\Folders moved on Reboot... File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk not found! File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk not found! File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk not found! File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... [/log] A to z Adw : [log]# AdwCleaner v2.105 - Log utworzony 13/01/2013 o 00:35:59 # Aktualizacja 08/01/2013 przez Xplode # System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits) # Użytkownik : Dom - DOM-KOMPUTER # Tryb uruchomienia : Normalny # Ścieżka : C:\Users\Dom\Downloads\adwcleaner_www.INSTALKI.pl.exe # Opcja [Usuń] ***** [Usługi] ***** Zatrzymano & Usunięto : RelevantKnowledge ***** [Pliki / Foldery] ***** Folder Usunięto : C:\Program Files (x86)\Babylon Folder Usunięto : C:\Program Files (x86)\Conduit Folder Usunięto : C:\Program Files (x86)\RelevantKnowledge Folder Usunięto : C:\Program Files (x86)\yourfiledownloader Folder Usunięto : C:\Program Files\Babylon Folder Usunięto : C:\ProgramData\InstallMate Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge Folder Usunięto : C:\ProgramData\Partner Folder Usunięto : C:\ProgramData\Tarma Installer Folder Usunięto : C:\Users\Dom\AppData\Local\Conduit Folder Usunięto : C:\Users\Dom\AppData\LocalLow\Conduit Folder Usunięto : C:\Users\Dom\AppData\LocalLow\Toolbar4 Folder Usunięto : C:\Users\Dom\AppData\Roaming\OpenCandy Folder Usunięto : C:\Users\Dom\AppData\Roaming\yourfiledownloader Plik Usunięto : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Plik Usunięto : C:\user.js Plik Usunięto : C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xmwk5cuo.default\searchplugins\WebSearch.xml ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\AppDataLow\Software\Smart Suggestor Klucz Usunięto : HKCU\Software\AppDataLow\Software\SmartBar Klucz Usunięto : HKCU\Software\AppDataLow\SProtector Klucz Usunięto : HKCU\Software\Conduit Klucz Usunięto : HKCU\Software\DataMngr Klucz Usunięto : HKCU\Software\DataMngr_Toolbar Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\a53ddd8e56fef40 Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Klucz Usunięto : HKLM\Software\Conduit Klucz Usunięto : HKLM\Software\DataMngr Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Klucz Usunięto : HKLM\Software\SP Global Klucz Usunięto : HKLM\Software\SProtector Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\a53ddd8e56fef40 Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\demmlacpnijjgliknaehpamnnbncnodb Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Tarma Installer Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wartość Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Wartość Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v9.0.8112.16448 Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110824&tt=4712_5&babsrc=HP_ss&mntrId=ae31ac310000000000004c809354accd --> hxxp://www.google.com Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=f789b49d-d7d0-4252-b1e6-e9222ac6740b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Podmieniono : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/ --> hxxp://www.google.com -\\ Mozilla Firefox v18.0 (pl) Plik : C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xmwk5cuo.default\prefs.js Usunięto : user_pref("aol_toolbar.default.homepage.check", false); Usunięto : user_pref("aol_toolbar.default.search.check", false); Usunięto : user_pref("browser.search.defaultenginename", "WebSearch"); Usunięto : user_pref("browser.search.defaultenginename,S", "WebSearch"); Usunięto : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?l=1&q="); Usunięto : user_pref("browser.search.order.1", "WebSearch"); Usunięto : user_pref("browser.search.order.1,S", "WebSearch"); Usunięto : user_pref("browser.search.selectedEngine", "WebSearch"); Usunięto : user_pref("browser.search.selectedEngine,S", "WebSearch"); Usunięto : user_pref("extensions.BabylonToolbar.prtkDS", 0); Usunięto : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Usunięto : user_pref("keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q="); Usunięto : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch"); Usunięto : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch"); Usunięto : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.just-browse.info/")[...] Usunięto : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.just-browse.info/?l=1&q="); Usunięto : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); Usunięto : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Usunięto : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Usunięto : user_pref("sweetim.toolbar.searchguard.enable", "false"); -\\ Google Chrome v23.0.1271.97 Plik : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Preferences Usunięto [l.13] : homepage = "hxxp://websearch.just-browse.info/", Usunięto [l.17] : urls_to_restore_on_startup = [ "hxxp://websearch.just-browse.info/" ] Usunięto [l.53] : icon_url = "hxxp://websearch.just-browse.info/favicon.ico", Usunięto [l.56] : keyword = "websearch", Usunięto [l.59] : search_url = "hxxp://websearch.just-browse.info/?l=1&q={searchTerms}", Usunięto [l.60] : suggest_url = "hxxp://websearch.just-browse.info/?l=1&q={searchTerms}" Usunięto [l.1936] : homepage = "hxxp://websearch.just-browse.info/", Usunięto [l.2212] : urls_to_restore_on_startup = [ "hxxp://websearch.just-browse.info/" ] ************************* AdwCleaner[S1].txt - [9229 octets] - [13/01/2013 00:35:59] ########## EOF - C:\AdwCleaner[S1].txt - [9289 octets] ########## [/log] Nie mam pamieci usb Nowy zestaw logow : OTL: [log]OTL logfile created on: 1/13/2013 1:03:47 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.55% Memory free 7.83 Gb Paging File | 6.15 Gb Available in Paging File | 78.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 37.23 Gb Free Space | 37.23% Space Free | Partition Type: NTFS Drive D: | 177.46 Gb Total Space | 53.30 Gb Free Space | 30.03% Space Free | Partition Type: NTFS Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2013/01/12 01:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe PRC - [2013/01/10 23:04:29 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013/01/10 23:04:25 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2012/12/12 19:43:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/01/04 13:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010/11/03 19:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2013/01/12 01:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Downloads\OTL.exe MOD - [2013/01/10 23:04:29 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013/01/10 23:04:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013/01/10 23:04:28 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013/01/10 23:04:28 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013/01/10 23:04:27 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/01/10 23:04:27 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013/01/10 23:04:27 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013/01/10 23:04:27 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013/01/10 23:04:26 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013/01/10 23:04:26 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013/01/10 23:04:26 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013/01/10 23:04:26 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013/01/10 23:04:26 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013/01/10 23:04:26 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013/01/10 23:04:26 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013/01/10 23:04:25 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013/01/10 23:04:25 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - [2013/01/10 23:04:25 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013/01/10 23:04:25 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MOD - [2013/01/10 23:04:24 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013/01/10 23:04:24 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2013/01/03 11:42:08 | 000,042,840 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\defs\13011201\uiext.dll MOD - [2012/12/12 19:43:30 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe MOD - [2012/12/12 19:43:28 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012/11/29 09:25:45 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012/11/29 09:25:45 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012/11/22 18:57:06 | 000,070,248 | ---- | M] (Initex) -- C:\Windows\SysWOW64\PrxerDrv.dll MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll MOD - [2012/07/03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2012/06/29 01:27:10 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012/06/29 01:09:32 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012/06/29 01:09:01 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012/06/29 01:01:33 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012/06/04 11:28:38 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll MOD - [2012/06/04 11:28:25 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll MOD - [2012/06/04 11:28:25 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll MOD - [2012/06/02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2012/06/02 05:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2012/06/02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2012/05/05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2012/04/24 05:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2012/03/03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2012/03/01 06:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012/02/23 17:23:34 | 000,227,608 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\uiLangRes.dll MOD - [2012/02/23 17:23:34 | 000,095,232 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\1045\Base.dll MOD - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe MOD - [2012/02/23 17:23:21 | 004,673,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\CommonRes.dll MOD - [2012/02/23 17:23:20 | 000,210,080 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2012/02/23 17:23:17 | 000,399,088 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswSqLt.dll MOD - [2012/02/23 17:23:17 | 000,027,264 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswUtil.dll MOD - [2012/02/23 17:23:16 | 000,216,760 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswLog.dll MOD - [2012/02/23 17:23:16 | 000,213,176 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2012/02/23 17:23:16 | 000,120,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswJsFlt.dll MOD - [2012/02/23 17:23:15 | 002,111,448 | ---- | M] (AVAST! Software) -- C:\Program Files\AVAST Software\Avast\aswAra.dll MOD - [2012/02/23 17:23:15 | 000,682,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll MOD - [2012/02/23 17:23:14 | 000,337,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll MOD - [2012/02/23 17:23:14 | 000,184,872 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswData.dll MOD - [2012/02/23 17:23:14 | 000,164,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll MOD - [2012/02/23 17:23:14 | 000,098,864 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll MOD - [2012/02/23 17:23:14 | 000,050,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll MOD - [2012/02/23 17:23:13 | 000,405,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll MOD - [2012/02/23 17:23:13 | 000,153,936 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll MOD - [2012/02/23 17:23:13 | 000,062,272 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTaskEx.dll MOD - [2012/02/23 17:23:10 | 000,345,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll MOD - [2012/02/23 17:23:10 | 000,097,816 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll MOD - [2012/01/04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2011/12/16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2011/11/17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2011/08/27 05:26:27 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2011/08/27 05:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2011/07/16 05:24:22 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2011/05/24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2011/05/24 11:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2011/05/24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2011/04/15 02:48:12 | 012,297,216 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igd10umd32.dll MOD - [2011/04/12 02:40:48 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2011/04/12 02:40:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2011/03/03 06:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2011/02/19 23:03:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp100.dll MOD - [2011/02/19 00:40:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100.dll MOD - [2010/11/21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010/11/21 04:24:51 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bthprops.cpl MOD - [2010/11/21 04:24:50 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wshbth.dll MOD - [2010/11/21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010/11/21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010/11/21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2010/11/21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010/11/21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010/11/21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll MOD - [2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010/11/21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010/11/21 04:24:16 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2010/11/21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010/11/21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2010/11/21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010/11/21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010/11/21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010/11/21 04:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010/11/21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010/11/21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010/11/21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010/11/21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2010/11/21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010/11/21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010/11/21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2010/11/21 04:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll MOD - [2010/11/21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010/11/21 04:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010/11/21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010/11/21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010/11/21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010/11/21 04:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2010/11/21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010/11/21 04:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2010/11/21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010/11/21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010/11/21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010/11/21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010/11/21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010/11/21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010/11/21 04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010/11/21 04:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2010/11/21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010/11/21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010/11/21 04:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2010/11/21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2010/11/03 19:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe MOD - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe MOD - [2010/09/30 02:05:32 | 000,038,512 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\BrightMgr.dll MOD - [2010/09/30 02:05:32 | 000,036,464 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\VFuj02b1.dll MOD - [2010/09/30 02:05:32 | 000,020,080 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\fuj02b1.dll MOD - [2010/09/21 22:03:14 | 000,145,280 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009/07/14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009/07/14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009/07/14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009/07/14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/07/14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll MOD - [2009/07/14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll MOD - [2009/07/14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009/07/14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009/07/14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009/07/14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009/07/14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009/07/14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009/07/14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009/07/14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009/07/14 02:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll MOD - [2009/07/14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009/07/14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009/07/14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009/07/14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009/07/14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009/07/14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009/07/14 02:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2009/07/14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009/07/14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009/07/14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009/07/14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009/07/14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009/07/14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009/07/14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009/07/14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009/07/14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009/07/14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009/07/14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2008/10/15 05:22:52 | 000,452,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx10_40.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2011/01/05 21:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2011/01/05 21:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2011/01/05 21:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2010/10/07 23:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:[b]64bit:[/b] - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010/06/17 23:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/01/10 23:04:27 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/12 19:43:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/11/14 14:04:49 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/18 08:44:21 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock) SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/05/15 20:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/04/13 09:17:10 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/03 20:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010/11/03 20:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010/11/03 19:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2012/07/13 09:01:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012/06/11 11:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/02/23 17:12:43 | 000,817,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012/02/23 17:12:42 | 000,335,704 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012/02/23 17:11:04 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2012/02/23 17:10:43 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012/02/23 17:10:38 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012/02/23 17:10:19 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2012/01/09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:[b]64bit:[/b] - [2012/01/09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2012/01/09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:[b]64bit:[/b] - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2012/01/09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011/12/15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:[b]64bit:[/b] - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011/04/15 03:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011/03/24 05:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:[b]64bit:[/b] - [2011/03/24 05:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2011/03/24 05:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011/01/04 03:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2010/12/28 19:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010/11/04 13:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2010/11/04 11:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:[b]64bit:[/b] - [2010/10/20 02:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:[b]64bit:[/b] - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010/10/09 13:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2010/05/07 03:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009/11/19 13:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/24 06:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2006/11/01 11:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:[b]64bit:[/b] - [2006/11/01 11:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012/03/29 14:55:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{44E64640-79DC-4EDB-A142-148282A6B88D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{44E64640-79DC-4EDB-A142-148282A6B88D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 23570767 IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 147.102.16.69:3128 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.startup.homepage: "https://www.google.pl/" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dom\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 10:15:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/05 02:36:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 23:04:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 23:04:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 23:04:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 23:04:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Dom\AppData\Roaming\IDM\idmmzcc3 [2013/01/02 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Extensions [2013/01/13 00:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\xmwk5cuo.default\Extensions [2013/01/10 23:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/01/10 23:04:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/29 11:00:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012/11/29 11:00:09 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012/11/29 11:00:09 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012/11/29 11:00:09 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012/11/29 11:00:09 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/11/29 11:00:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dom\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - Extension: Proxy Switchy! = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\ CHR - Extension: Truck Simulator Games = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\ CHR - Extension: Truck Simulator Games = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkaapdgobfkddbmbagoehodkgbknlhc\1.8_0\.bak CHR - Extension: Browse2save = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbfhopckfgpnpegccojniaelnihenpm\1\ CHR - Extension: Don't Starve = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\ CHR - Extension: avast! WebRep = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Clash of the Dragons = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmdphihkopbepogaialenmgoacnpmffo\1.1_0\ CHR - Extension: Adres IP = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcijdkkommbhnpohidhdpkhendgcpamf\0.4_0\ CHR - Extension: Simple Startup Password = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc\1.0_0\ CHR - Extension: Fishing Champion = C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcdplgchgghnahkmoeibomjpbikclka\2.0_0\ O1 HOSTS File: ([2010/09/11 16:19:05 | 000,000,732 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Dom\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:[b]64bit:[/b] - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm () O8:[b]64bit:[/b] - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm () O8:[b]64bit:[/b] - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm () O8:[b]64bit:[/b] - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm () O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm () O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm () O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\PrxerNsp.dll () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2848B855-D0DD-43E7-BD1E-895ADA4300FF}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5EE4F17-47DE-401E-AD42-715828982B42}: DhcpNameServer = 8.8.8.8 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b]64bit:[/b] - HKLM IFEO\flashget3.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:[b]64bit:[/b] - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:[b]64bit:[/b] - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:[b]64bit:[/b] - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:[b]64bit:[/b] - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:[b]64bit:[/b] - HKLM IFEO\unite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\flashget3.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\unite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell - "" = AutoRun O33 - MountPoints2\{ab24e615-ccbe-11e1-b9c4-5c9ad85e122e}\Shell\AutoRun\command - "" = F:\AidemMediaSplash.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013/01/13 00:43:38 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/13 00:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/01/12 02:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2013/01/12 02:22:22 | 000,000,000 | ---D | C] -- C:\rsit [2013/01/11 17:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear [2013/01/11 17:21:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear [2013/01/11 15:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013/01/10 23:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/08 10:06:06 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Podatnik.info [2013/01/08 09:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program PIT 2012-2013 [2013/01/08 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Podatnik.info Sp z o.o [2013/01/05 20:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EGCabal Online [2013/01/05 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner [2013/01/05 14:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner [2013/01/05 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise [2013/01/05 02:37:17 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/01/05 02:37:17 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/01/05 02:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/01/05 02:37:14 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/01/05 02:37:11 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/01/05 02:37:08 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/01/05 02:37:07 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/01/05 02:36:44 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013/01/05 02:36:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/01/05 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/01/05 01:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerenityGamerZ [2013/01/05 01:44:12 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Avg2013 [2013/01/05 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\SendSpace [2013/01/05 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2013/01/02 18:42:57 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Mozilla [2013/01/02 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/01/02 18:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/01/02 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Raiderz [2013/01/02 10:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaiderZ [2012/12/31 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\ObviousIdea [2012/12/31 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ObviousIdea [2012/12/30 23:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\MFAData [2012/12/30 23:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/12/30 21:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012/12/30 18:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Skype [2012/12/30 18:08:32 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/30 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/12/30 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/12/30 17:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2012/12/30 17:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2012/12/25 16:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Asiasoft [2012/12/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Downloads [2012/12/20 17:05:43 | 000,000,000 | -HSD | C] -- C:\found.002 [2012/12/19 09:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2012/12/19 09:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2012/12/18 14:05:57 | 000,126,336 | ---- | C] (Copyright (C) GameCap) -- C:\Windows\SysWow64\gamelsp.dll [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashgetSetup [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2012/12/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\BITS [2012/12/18 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashGetBHO [2012/12/18 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network [2012/12/18 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlashGet [2012/12/16 14:46:23 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Proxifier [2012/12/16 14:46:13 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll [2012/12/16 14:46:13 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll [2012/12/16 14:46:13 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll [2012/12/16 14:46:13 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll [2012/12/16 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier [2012/12/16 14:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier [2012/12/14 11:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME [2012/12/13 18:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify [2012/12/13 18:33:35 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012/12/12 00:30:33 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Microsoft Help [2012/12/12 00:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012/12/11 19:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/12/11 19:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/12/06 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012/12/06 14:41:55 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Programs [2012/12/06 11:47:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012/11/30 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 [2012/11/30 14:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3 [2012/11/29 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft [2012/11/28 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\bin [2012/11/28 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\.snap [2012/11/28 00:58:33 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Metin2Tools [2012/11/26 16:32:37 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Nowy folder (2) [2012/11/24 20:14:39 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\LogMeIn Hamachi [2012/11/18 10:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AidemMedia [2012/11/18 10:51:32 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Aidem Media [2012/11/14 21:49:22 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\assembly [2012/11/14 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft [2012/11/14 10:14:05 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nokia [2012/11/14 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Nokia [2012/11/14 09:43:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\PC Suite [2012/11/14 09:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012/11/14 09:42:59 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Nokia [2012/11/14 09:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012/11/14 09:41:02 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012/11/14 09:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012/11/14 09:40:12 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll [2012/11/14 09:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012/11/14 09:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013/01/13 01:04:45 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 01:04:45 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 00:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/13 00:45:28 | 000,167,875 | ---- | M] () -- C:\Users\Dom\Desktop\trojan otl.png [2013/01/11 17:21:03 | 000,001,008 | ---- | M] () -- C:\Users\Dom\Desktop\TunnelBear.lnk [2013/01/11 15:15:50 | 000,222,409 | ---- | M] () -- C:\Users\Dom\Desktop\11111.jpg [2013/01/10 08:56:43 | 001,667,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/10 08:56:43 | 000,739,664 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013/01/10 08:56:43 | 000,653,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/10 08:56:43 | 000,155,484 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013/01/10 08:56:43 | 000,121,788 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/08 09:58:33 | 000,002,651 | ---- | M] () -- C:\Users\Public\Desktop\Program PIT 2012-2013.lnk [2013/01/06 17:55:10 | 000,377,600 | ---- | M] () -- C:\Users\Dom\Desktop\haha.jpg [2013/01/05 14:54:52 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk [2013/01/05 14:39:35 | 000,262,676 | ---- | M] () -- C:\Users\Dom\Desktop\pppppp.jpg [2013/01/05 02:37:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/01/05 02:30:37 | 000,001,695 | ---- | M] () -- C:\Users\Dom\Desktop\SG Cabal Online — skrót.lnk [2013/01/05 01:39:31 | 000,275,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/02 18:42:50 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/02 10:25:33 | 000,000,937 | ---- | M] () -- C:\Users\Dom\Desktop\RaiderZ.lnk [2012/12/31 14:37:17 | 000,135,686 | ---- | M] () -- C:\Users\Dom\Desktop\Raiderz_Artwork3.jpg [2012/12/28 23:18:01 | 000,241,881 | ---- | M] () -- C:\Users\Dom\Desktop\p;p;p.jpg [2012/12/20 17:07:08 | 000,006,896 | ---- | M] () -- C:\bootsqm.dat [2012/12/20 12:51:30 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/20 12:43:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/20 12:21:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000UA.job [2012/12/20 12:10:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/19 18:21:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-323826620-2306945312-2335366591-1000Core.job [2012/12/18 14:14:07 | 000,000,380 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat [2012/12/18 14:05:57 | 000,126,336 | ---- | M] (Copyright (C) GameCap) -- C:\Windows\SysWow64\gamelsp.dll [2012/12/18 14:03:37 | 000,001,184 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat [2012/12/18 13:49:54 | 000,000,025 | ---- | M] () -- C:\Windows\emcore.INI [2012/12/16 14:46:13 | 000,001,025 | ---- | M] () -- C:\Users\Dom\Desktop\Proxifier.lnk [2012/12/13 18:33:35 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012/11/30 14:23:36 | 000,000,061 | ---- | M] () -- C:\Users\Dom\SciTEUser.properties [2012/11/28 13:10:26 | 000,243,018 | ---- | M] () -- C:\Users\Dom\Desktop\ttt.jpg [2012/11/22 18:57:08 | 000,103,016 | ---- | M] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll [2012/11/22 18:57:08 | 000,076,392 | ---- | M] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll [2012/11/22 18:57:08 | 000,057,448 | ---- | M] () -- C:\Windows\SysNative\PrxerNsp.dll [2012/11/22 18:57:06 | 000,091,240 | ---- | M] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll [2012/11/22 18:57:06 | 000,070,248 | ---- | M] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWow64\PrxerNsp.dll [2012/11/20 16:13:30 | 048,179,170 | ---- | M] () -- C:\Users\Dom\game [2012/11/14 09:44:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/11/14 09:43:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2012/11/14 09:26:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/13 00:45:28 | 000,167,875 | ---- | C] () -- C:\Users\Dom\Desktop\trojan otl.png [2013/01/11 17:21:03 | 000,001,008 | ---- | C] () -- C:\Users\Dom\Desktop\TunnelBear.lnk [2013/01/11 15:15:50 | 000,222,409 | ---- | C] () -- C:\Users\Dom\Desktop\11111.jpg [2013/01/08 09:58:33 | 000,002,651 | ---- | C] () -- C:\Users\Public\Desktop\Program PIT 2012-2013.lnk [2013/01/06 17:55:10 | 000,377,600 | ---- | C] () -- C:\Users\Dom\Desktop\haha.jpg [2013/01/05 14:54:52 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk [2013/01/05 14:39:35 | 000,262,676 | ---- | C] () -- C:\Users\Dom\Desktop\pppppp.jpg [2013/01/05 02:30:37 | 000,001,695 | ---- | C] () -- C:\Users\Dom\Desktop\SG Cabal Online — skrót.lnk [2013/01/02 18:42:50 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/02 18:42:49 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/01/02 10:25:34 | 000,000,937 | ---- | C] () -- C:\Users\Dom\Desktop\RaiderZ.lnk [2012/12/31 14:11:37 | 000,135,686 | ---- | C] () -- C:\Users\Dom\Desktop\Raiderz_Artwork3.jpg [2012/12/30 13:51:37 | 001,056,768 | ---- | C] () -- C:\Windows\SysNative\libmysql41.dll [2012/12/30 13:51:37 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\libmysql320.dll [2012/12/30 13:51:37 | 000,245,760 | ---- | C] () -- C:\Windows\SysNative\libmysql40.dll [2012/12/30 13:51:37 | 000,217,088 | ---- | C] () -- C:\Windows\SysNative\libmysql323.dll [2012/12/30 13:51:28 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\libmysql41.dll [2012/12/30 13:51:28 | 000,280,576 | ---- | C] () -- C:\Windows\SysWow64\libmysql320.dll [2012/12/30 13:51:28 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\libmysql40.dll [2012/12/30 13:51:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmysql323.dll [2012/12/28 23:18:01 | 000,241,881 | ---- | C] () -- C:\Users\Dom\Desktop\p;p;p.jpg [2012/12/20 17:07:08 | 000,006,896 | ---- | C] () -- C:\bootsqm.dat [2012/12/18 14:14:07 | 000,000,380 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2012/12/18 13:50:33 | 000,001,184 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2012/12/18 13:49:54 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI [2012/12/16 14:46:13 | 000,057,448 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll [2012/12/16 14:46:13 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll [2012/12/16 14:46:13 | 000,001,025 | ---- | C] () -- C:\Users\Dom\Desktop\Proxifier.lnk [2012/11/30 14:23:36 | 000,000,061 | ---- | C] () -- C:\Users\Dom\SciTEUser.properties [2012/11/29 17:57:56 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll [2012/11/28 13:08:37 | 000,243,018 | ---- | C] () -- C:\Users\Dom\Desktop\ttt.jpg [2012/11/20 16:13:30 | 048,179,170 | ---- | C] () -- C:\Users\Dom\game [2012/11/14 13:52:38 | 000,001,107 | ---- | C] () -- C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk [2012/11/14 09:44:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012/11/14 09:43:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2012/11/14 09:26:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/11/07 02:40:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/07 02:40:16 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/10/10 09:17:24 | 000,000,320 | ---- | C] () -- C:\Users\Dom\SciTE.session [2012/08/21 17:50:54 | 000,000,600 | ---- | C] () -- C:\Users\Dom\AppData\Local\PUTTY.RND [2012/08/20 18:46:36 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2012/08/10 10:35:27 | 000,001,638 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012/05/31 22:56:03 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012/05/31 22:56:02 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2012/05/31 22:56:02 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012/02/17 16:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Dom\abbrev.properties [2012/02/17 15:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.keywords.user.abbreviations.properties [2012/02/14 21:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Dom\au3UserAbbrev.properties [2011/05/12 08:11:47 | 001,640,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2010/03/27 16:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Dom\au3abbrev.properties [2010/01/02 22:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Dom\au3.UserUdfs.properties [2010/01/02 22:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Dom\au3.user.calltips.api [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu [2012/11/18 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Aidem Media [2012/11/08 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Bioshock [2013/01/11 12:38:55 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BITS [2012/11/30 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\CoreFTP [2012/07/13 09:05:38 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools Lite [2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DMCache [2012/08/24 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ESET [2012/10/15 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FarmHelper [2012/11/27 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FileZilla [2012/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGet [2012/12/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashGetBHO [2012/12/18 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlashgetSetup [2011/05/12 08:54:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu [2012/06/04 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Fujitsu Launch Center [2012/08/11 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu [2012/08/11 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Gadu-Gadu 10 [2013/01/12 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GG [2012/11/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\GHISLER [2012/11/07 02:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech [2012/10/23 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\marcinc [2012/09/17 18:19:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mp3DirectCut [2012/09/16 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Need for Speed World [2012/11/14 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Nokia [2012/06/27 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Notepad++ [2013/01/05 01:12:08 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ObviousIdea [2012/11/14 09:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\PC Suite [2013/01/08 10:06:06 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Podatnik.info [2012/12/16 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Proxifier [2012/08/14 05:53:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\RegistryKeys [2012/08/27 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\runic games [2013/01/05 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SendSpace [2012/10/15 10:51:49 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SFBot [2012/12/16 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SoftGrid Client [2012/09/05 00:11:05 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TeamViewer [2012/06/04 10:31:26 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TP [2013/01/04 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TS3Client [2012/06/06 19:55:44 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software [2013/01/12 18:53:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\uTorrent [2012/07/21 14:42:35 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Windows Live Writer [2013/01/05 17:25:01 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Wise Disk Cleaner [2012/10/11 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\WNR [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ [2012/10/23 06:12:52 | 000,000,000 | ---D | M](C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ (C:\Users\Dom\AppData\Local\?) -- C:\Users\Dom\AppData\Local\Ⴈ < End of report > [/log] Extras : [log]OTL Extras logfile created on: 1/13/2013 1:03:47 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dom\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.55% Memory free 7.83 Gb Paging File | 6.15 Gb Available in Paging File | 78.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 37.23 Gb Free Space | 37.23% Space Free | Partition Type: NTFS Drive D: | 177.46 Gb Total Space | 53.30 Gb Free Space | 30.03% Space Free | Partition Type: NTFS Computer Name: DOM-KOMPUTER | User Name: Dom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [compress] -- C:\Program Files (x86)\KGB Archiver\kgb_arch_compress.exe "%1\" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [compress] -- C:\Program Files (x86)\KGB Archiver\kgb_arch_compress.exe "%1\" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UacDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D3C7444-1C69-4E59-916B-3BB637F4E1A1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1FDBB5DE-77A4-4BA7-BC1D-F516C4149DB1}" = lport=445 | protocol=6 | dir=in | app=system | "{5A2ABC3B-B983-4F2F-858B-4F9EEF7507B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5ABD13BD-EBB8-4544-AA23-8E1E4C19F8F7}" = rport=139 | protocol=6 | dir=out | app=system | "{651DA4E3-D290-42D8-9ECF-B1483DB6A527}" = lport=137 | protocol=17 | dir=in | app=system | "{76660C80-5B13-428B-A251-1F9A49B4ABD1}" = rport=445 | protocol=6 | dir=out | app=system | "{A049EC57-EBE1-47F6-88A2-82989EDBB2AE}" = rport=137 | protocol=17 | dir=out | app=system | "{C3642F39-5605-4E86-A500-DE31032DF621}" = lport=138 | protocol=17 | dir=in | app=system | "{C5E8D838-E07E-48EB-A5F9-147C047555DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C789ABC1-1764-4ACA-ADAB-251C5AA9AC1D}" = lport=139 | protocol=6 | dir=in | app=system | "{CC4F8A4B-119A-4038-B22E-6130FBF55D3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E92427A7-1A1E-4439-AE68-5A9408CEB32B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE217E2B-0876-4358-998C-B2EDA8CF1E6F}" = rport=138 | protocol=17 | dir=out | app=system | "{FFF96442-F3C4-4DC5-9906-6EDA5BA31E71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09C6EE5F-EDAA-4ABE-82DE-05837D1B453E}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe | "{0D59CE62-131E-4B8F-9A71-C0C128AE88AD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{2C9426FE-8493-4A8C-81A1-959C92C6F68D}" = dir=out | app=d:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{331BA8FD-73E9-4BD3-A7A9-D95235CA706D}" = dir=in | app=d:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013.exe | "{3422F8DD-4E43-4DB7-BC2F-7F68F07CB55B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{352961E2-0D49-4035-BBE4-2C68EF87222E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{501FBF96-934B-4A3F-A5B1-EF047D6123C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{79B919AC-1015-4621-A074-582B23E57719}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7AF432BC-7176-4CBB-9FAB-7767FE303046}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7F15B47E-5BF9-491A-9201-196133556063}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{83F92B75-C9FB-4732-9CDB-CC75FE92C42D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{8D838E4A-48B5-4087-A4F4-B600F347EC11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{90F52B9F-782D-4239-9103-25F0AC00D585}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{9791E3C3-06B2-46D5-A7CD-47D3E0C35386}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A1D6C9CA-B51B-425B-AF68-4F2E6EDBF09D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pinkibezmozga\counter-strike\hl.exe | "{AD576577-7128-4F84-A1CF-E69DFFD4E14E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B1367F91-6C8E-418C-BF42-5984073A9DED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{B90AC67C-7CB4-46FC-BE4E-3E02E8DE691E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{BBA329D2-460B-43BF-9EA9-357AB9F4C311}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CDCA1244-187A-433B-8948-1D139F247F41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D01BAFF6-C002-42A5-B7AA-154264ED81FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D3C24ED2-5C2C-4C39-B13F-EC9B9C52D67F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{DA61EE37-43B9-4126-9EDE-50DA17C27C82}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F25119B5-239F-41E7-BAD8-226BB8C8145C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pinkibezmozga\counter-strike\hl.exe | "{F83C19A8-2046-460E-98FB-941CE7A65F6F}" = protocol=58 | dir=in | app=system | "{FB5A1E4D-C6C5-4B26-AA8D-43B0AFB4948D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{0518DDFB-2FB0-4039-AD2C-FC0943CB5136}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{238E77E6-ADBB-4EA3-A813-7ACB2A4B298E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{5971BC82-8C99-48E3-90FA-D3B77602D6B3}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=6 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin | "TCP Query User{6B341D32-27F3-4410-A00B-4B9A836FA085}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe | "UDP Query User{15658E78-0492-4C71-9DB5-8ECA9BFE3D9A}D:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin" = protocol=17 | dir=in | app=d:\downloads\software\yt2wz_lsnc_20100423\倚天2外传\metin2.bin | "UDP Query User{1A1AF71B-B5BE-4003-8068-B23E03D5668A}C:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee security scan\3.0.207\ssscheduler.exe | "UDP Query User{6A9FF406-086D-495D-BDD6-452659A3B94B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{CACC6D91-0A33-4F70-BBBF-533F704955F2}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "TNod" = TNod User & Password Finder "uTorrent" = µTorrent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37993A79-5D36-4227-B8E8-9BDE95B2CE45}" = Bolek i Lolek - Alfabet i nauka czytania "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{52644103-70EE-47F6-9BBB-AA4514B59615}_is1" = Farming Simulator 2013 "{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{606E1B88-065A-41C6-B996-287A0E756FB0}_is1" = EGCabal Online version 2.1.0 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{BE739BC7-030F-4CAA-A6F9-EA59405B7E32}" = Program PIT 2012-2013 "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "ASCII Art Generator_is1" = ASCII Art Generator 3.2.2 "AutoItv3" = AutoIt v3.3.8.1 "avast" = avast! Free Antivirus "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "DAEMON Tools Lite" = DAEMON Tools Lite "DeskUpdate_is1" = DeskUpdate 4.11 "FlashGet3.7" = FlashGet3.7 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{AFFC0877-D62C-4A7D-A11F-1E73B5800D13}" = Bioshock "InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "KGB Archiver_is1" = KGB Archiver 1.2.1.24 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4 "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL "Proxifier_is1" = Proxifier version 3.21 "QuicktimeAlt_is1" = QuickTime Alternative 2.9.2 "RealPlayer 15.0" = RealPlayer "SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012 "Serenity GamerZ Revolution Client Revolution" = Serenity GamerZ Revolution Client Revolution "Steam App 10" = Counter-Strike "SubEdit-Player_is1" = SubEdit-Player "TeamViewer 7" = TeamViewer 7 "TuneUp Utilities 2012_is1" = TuneUp Utilities 2012 wersja 12.0.3500.29 "TunnelBear" = TunnelBear 1.0.36 "uTorrent" = µTorrent "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bitowy) "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.73 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-323826620-2306945312-2335366591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DDFinal" = DDFinal "GG" = GG "Google Chrome" = Google Chrome [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 1/12/2013 5:57:46 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 8:39:42 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 11:19:00 AM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 1:37:55 PM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Nazwa modułu powodującego błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e10b Identyfikator procesu powodującego błąd: 0x10fc Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf0df9e5cf72e Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Identyfikator raportu: cbc97c46-5cde-11e2-85d8-4c809354acd0 Error - 1/12/2013 7:12:37 PM | Computer Name = Dom-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Nazwa modułu powodującego błąd: CabalMain.exe, wersja: 1.0.0.482, sygnatura czasowa: 0x47c76c12 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e10b Identyfikator procesu powodującego błąd: 0x175c Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf106faebda0f Ścieżka aplikacji powodującej błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Ścieżka modułu powodującego błąd: D:\Program Files (x86)\EGCabal Online\CabalMain.exe Identyfikator raportu: 8d8083f6-5d0d-11e2-85d8-4c809354acd0 Error - 1/12/2013 7:38:15 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 7:47:45 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 7:54:35 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 7:57:32 PM | Computer Name = Dom-Komputer | Source = WinMgmt | ID = 10 Description = Error - 1/12/2013 8:03:14 PM | Computer Name = Dom-Komputer | Source = Application Hang | ID = 1002 Description = Program OTL.exe w wersji 3.2.69.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 85c Godzina rozpoczęcia: 01cdf120f7f68ab6 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Users\Dom\Downloads\OTL.exe Identyfikator raportu: [ System Events ] Error - 1/12/2013 8:12:55 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:13:25 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:13:55 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:14:25 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:14:55 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:15:25 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:15:55 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:16:25 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:16:55 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error - 1/12/2013 8:17:25 PM | Computer Name = Dom-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Instalator modułów systemu Windows zakończyła działanie; wystąpił następujący błąd: %%126 < End of report > [/log]
Natsuki Kuga komentarz 14 stycznia 2013 komentarz 14 stycznia 2013 http://imageshack.us/f/688/trojanotl.png/ To resztki wirusa weelsof, który został uprzednio usunięty przez OTL. + do tego wkleilem skrypt ktory ty mi dales to po zrestartowaniu kompa mam czarny ekran, musze wlaczac menardzer zadan i wylaczac jakies cos, bo bym mial caly czas czarny ekran Co musisz wyłączać? Nie mam pamieci usb W takim razie użyj USBFix "na sucho" z opcji Deletion i pokaż raport.
daro99 komentarz 17 stycznia 2013 Autor komentarz 17 stycznia 2013 To resztki wirusa weelsof, który został uprzednio usunięty przez OTL. Co musisz wyłączać? W takim razie użyj USBFix "na sucho" z opcji Deletion i pokaż raport. Wylaczac musialem menadzerem te pytanie czy wyrazam zgode na otwarcie pliku, bo ekran byl caly czas czarny, ale mniejsza. Sciagnalem 4 sztuki USBfix z roznych stron i kazdy sie zawieszal na 78% i wyskakiwal blad Nie wiem co zrobiles ale przalaczajac miedzy folderami tnie :/ i otwiera 1 folder prze pol minuty Wole formata zrobic
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.