Sounes posted 26 January 2013
Hello, today I noticed that my computer started running slowly. So I decided to remove the viruses that could be the cause. And this is where my problem comes in. I could not scan my computer, because while ComboFix was starting up the computer restarted by itself. It was not a coincidence; on other attempts the same thing happened. I will also add that Ping.exe is visible in Task Manager. Maybe Ping.exe is the cause. So I decided to read up a bit on this application, but when I typed its name into the browser the computer restarted as well. The same thing happened while downloading a scanner or an AV. Please help.
Zayfi commented 26 January 2013
Download OTL and run a scan in safe mode: http://www.forumpc.pl/topic/277786-nieingerencyjne-narzedzia-do-tworzenia-logow-systemowych/
Natsuki Kuga commented 26 January 2013
ComboFix is a tool that interferes heavily with the system, not an antivirus program to be used "just like that". In future, do not use it without supervision by someone with the appropriate knowledge of the system. To begin with, show the contents of the ComboFix.txt file, if one was created (look on the system partition). If it is not there, do not run the scanner again. Also show the set of logs from OTL and Gmer (you will find the instructions in the pinned topics).
Sounes (author) commented 30 January 2013
Here are the results of the OTL scan.
[2013-01-10 16:02:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-01-10 16:02:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-01-10 16:02:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-01-10 16:02:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-01-10 16:02:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-01-10 16:02:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 
[2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-01-10 16:02:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-01-10 16:02:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-01-10 16:01:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013-01-09 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Sounes\Desktop\Motywacja [2013-01-09 15:14:20 | 000,000,000 | ---D | C] -- C:\Users\Sounes\Documents\Alcohol 120% [2013-01-09 15:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% [2013-01-09 15:11:24 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Alcohol Soft [2013-01-09 15:06:20 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013-01-09 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2013-01-09 15:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2013-01-02 16:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWood [2013-01-02 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWood [2013-01-02 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\Sounes\AppData\Roaming\InstallShield [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-01-30 10:47:44 | 000,012,393 | ---- | M] () -- C:\Users\Sounes\AppData\Local\Update.12.Bron.Tok.bin [2013-01-30 10:47:13 | 001,662,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-01-30 10:47:13 | 000,737,714 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-01-30 10:47:13 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-01-30 10:47:13 | 000,154,402 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-01-30 10:47:13 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-01-30 10:42:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sounes\Desktop\OTL.exe [2013-01-30 10:26:05 | 000,012,393 | ---- | M] () -- C:\Users\Sounes\AppData\Local\Bron.tok.A12.em.bin [2013-01-30 10:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-30 10:14:38 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013-01-30 01:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-27 13:14:45 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-27 13:14:45 | 000,010,240 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-26 20:10:43 | 000,001,021 | ---- | M] () -- C:\Users\Sounes\Desktop\Tibia MC Inject — skrót.lnk [2013-01-26 19:33:00 | 000,001,370 | ---- | M] () -- C:\Users\Sounes\Desktop\Tibia — skrót.lnk [2013-01-20 23:00:14 | 001,277,667 | ---- | M] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe [2013-01-19 21:47:04 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-14 20:06:20 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013-01-14 20:06:20 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-01-13 18:18:12 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013-01-11 15:55:24 | 000,420,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-01-10 23:56:54 | 001,645,982 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-01-09 16:07:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-01-09 16:07:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-01-09 15:16:18 | 000,000,124 | ---- | M] () -- C:\Users\Sounes\Documents\ax_files.xml [2013-01-09 15:11:29 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2013-01-09 15:06:20 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\SysNative\drivers\sptd.sys [2013-01-02 17:01:26 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Gothic II Złota Edycja.lnk [2013-01-01 17:42:35 | 000,914,548 | R--- | M] () -- C:\Users\Sounes\Desktop\2012-12-31 22.49.22.jpg [2013-01-01 17:32:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-30 10:47:44 | 000,012,393 | ---- | C] () -- C:\Users\Sounes\AppData\Local\Update.12.Bron.Tok.bin [2013-01-30 10:26:05 | 000,012,393 | ---- | C] () -- C:\Users\Sounes\AppData\Local\Bron.tok.A12.em.bin [2013-01-26 20:10:43 | 000,001,021 | ---- | C] () -- C:\Users\Sounes\Desktop\Tibia MC Inject — skrót.lnk [2013-01-26 19:33:00 | 000,001,370 | ---- | C] () -- C:\Users\Sounes\Desktop\Tibia — skrót.lnk [2013-01-26 14:59:16 | 001,277,667 | ---- | C] () -- C:\Users\Sounes\AppData\Roaming\nservice32.exe [2013-01-19 21:47:04 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013-01-09 15:16:18 | 000,000,124 | ---- | C] () -- C:\Users\Sounes\Documents\ax_files.xml [2013-01-09 15:11:29 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2013-01-02 17:01:26 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Gothic II Złota Edycja.lnk [2013-01-01 17:42:35 | 000,914,548 | R--- | C] () -- C:\Users\Sounes\Desktop\2012-12-31 22.49.22.jpg [2013-01-01 17:32:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012-12-08 15:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2012-11-09 19:45:38 | 001,645,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-11-05 16:24:44 | 000,000,061 | ---- | C] () -- C:\Users\Sounes\64.7.194.236 [2012-10-06 15:07:32 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012-10-06 15:07:30 | 000,076,888 | ---- | C] () -- 
C:\Windows\SysWow64\PnkBstrA.exe [2012-09-14 16:49:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-09-14 16:49:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-09-14 16:49:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-09-14 16:49:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-09-14 16:49:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011-04-03 15:18:37 | 000,042,667 | -H-- | C] () -- C:\Windows\eksplorasi.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\winlogon.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\smss.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\services.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\lsass.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\inetinfo.exe [2011-04-03 15:18:37 | 000,042,667 | ---- | C] () -- C:\Users\Sounes\AppData\Local\csrss.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-10-26 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Gadu-Gadu 10 [2012-09-12 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\LolClient [2012-09-17 15:25:49 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\OpenFM [2012-10-06 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\PunkBuster [2012-09-18 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\SFBot [2013-01-26 15:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Tibia [2013-01-28 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\TS3Client [2012-12-08 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Tunngle [2012-10-06 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\Ubisoft [2013-01-19 17:55:13 | 
000,000,000 | ---D | M] -- C:\Users\Sounes\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] Extras.exe OTL Extras logfile created on: 2013-01-30 10:49:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sounes\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,86% Memory free 8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 205,07 Gb Total Space | 1,19 Gb Free Space | 0,58% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 30,58 Gb Free Space | 20,87% Space Free | Partition Type: NTFS Drive E: | 114,20 Gb Total Space | 85,48 Gb Free Space | 74,86% Space Free | Partition Type: NTFS Computer Name: SOUNES-PC | User Name: Sounes | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1763272853-2006324963-2204168778-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\MICROS~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Microsoft office 2007\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\MICROS~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FFEEB3E-C7D3-42DB-8EFC-58A926667558}" = lport=6004 | protocol=17 | dir=in | app=e:\microsoft office 2007\microsoft office 2007\office12\outlook.exe | "{15B5B4C4-7127-4324-A14E-A3B30886360D}" = lport=137 | protocol=17 | dir=in | app=system | "{22C1EC90-A8F4-4FFB-8FD9-74239DF14AD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{241A11CF-5BC5-403D-B438-1EEE2F8CDD6A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{365DC63D-CA5F-40A2-A72D-1F6AB7FCC5EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3902EEC2-06C5-4F96-8417-EC486C51FC0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3D84743B-F3DB-41F4-AA51-15FF350C2820}" = lport=139 | protocol=6 | dir=in | app=system | "{53124869-190D-4FE4-9526-20EA556AA91B}" = rport=137 | protocol=17 | dir=out | app=system | "{669AE5FA-E7DE-49D5-BC42-24CD821CC147}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EA55A36-01A7-4756-A9E9-B94841BD00BB}" = lport=445 | protocol=6 | dir=in | 
Macenobi commented on 30 January 2013
Download Malwarebytes Anti-Malware; I recommend it when you have viruses such as trojans, etc. Scan the computer with it, choosing the full scan mode and selecting all drives except the floppy drives, and post the log from OTL.
Zayfi commented on 30 January 2013 (edited)
1. Open Notepad and save the script under the name skrypt.txt http://wklej.org/id/942181/
2. Boot into Safe Mode, run OTL and paste the script copied from Notepad into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt). Click Run Fix (Wykonaj skrypt). After the restart, run a new OTL scan. Attach the removal log as well.
By the way, if you want to wait for the authorized people, then wait. And let Brontok keep running rampant.
Sounes commented on 31 January 2013 (Author)
Here is the removal log: http://wklej.org/id/943184/
OTL.exe: http://wklej.org/id/943187/
Extras.exe: http://wklej.org/id/943188/
Zayfi commented on 31 January 2013
Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/skrypt):
[xml]
:OTL
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-1763272853-2006324963-2204168778-1001\..\SearchScopes\{EF1BC6EC-5312-474F-9AFB-7EA366353470}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O2 - BHO: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found.

:Files
C:\Users\Sounes\AppData\Local\Bron.tok-12-31

:Commands
[emptytemp]
[/xml]
Click Run Fix (Wykonaj skrypt). After the removal, run a new OTL scan and post the report. The Extras log is not needed.
Sounes commented on 31 January 2013 (Author)
Removal log: http://wklej.org/id/943285/
OTL.exe: http://wklej.org/id/943293/
Zayfi commented on 31 January 2013
Run OTL and click CleanUp (Sprzątanie).
Clear the System Restore folders: right-click My Computer > Properties > Advanced system settings > System protection > Configure > select the option Turn off system protection, then select Restore system settings and previous versions of files.
Tell me where Combofix was run from: what is the path to the Combofix.exe file? It has to be uninstalled properly.
Sounes commented on 31 January 2013 (Author)
Computer > Local Disk C > Windows.old > Documents and Settings > ADMIN > Moje dokumenty > Pobieranie
That is the path to the Combofix.exe file. Is it really necessary to uninstall it?
Zayfi commented on 31 January 2013 (edited)
Quote: "Computer > Local Disk C > Windows.old > Documents and Settings > ADMIN > Moje dokumenty > Pobieranie That is the path to the Combofix.exe file. Is it really necessary to uninstall it?"
What a foolish question. Combofix is not an antidote for viruses. It is used only on the instruction of people who have knowledge of infections. Is the installer in the path you gave?
C:\Windows.old\Documents and Settings\ADMIN\Moje dokumenty\Pobieranie